Application entitlements can be used through authentik to manage authorization within an application (what areas of the app users or groups can access). Entitlements are scoped to a single application and can be bound to multiple users and/or groups (binding policies is not currently supported), giving them access to the entitlement. An application can either check for the name of the entitlement (via the `entitlements` scope), or via attributes stored in entitlements.
diff --git a/website/docs/add-secure-apps/flows-stages/bindings/index.md b/website/docs/add-secure-apps/flows-stages/bindings/index.md
index 9e824ff000..238814bbf2 100644
--- a/website/docs/add-secure-apps/flows-stages/bindings/index.md
+++ b/website/docs/add-secure-apps/flows-stages/bindings/index.md
@@ -24,7 +24,7 @@ A _policy binding_ connects a specific policy to a flow or to a stage. With the
You can also bind groups and users to another component (a policy, a stage, a flow, etc.). For example, you can create a binding for a specific group, and then [bind that to a stage binding](../stages/index.md#bind-users-and-groups-to-a-flows-stage-binding), with the result that everyone in that group now will see that stage (and any policies bound to that stage) as part of their flow. Or more specifically, and going one step deeper, you can also _bind a binding to a binding_.
-Bindings are also used for [Application Entitlements](../../applications/manage_apps.md#application-entitlements), where you can bind specific users or groups to an application as a way to manage who has access to the application.
+Bindings are also used for [Application Entitlements](../../applications/manage_apps.mdx#application-entitlements), where you can bind specific users or groups to an application as a way to manage who has access to the application.
It's important to remember that bindings are instantiated objects themselves, and conceptually can be considered as a "connector" between two components. This is why you might read about "binding a binding", because technically, a binding is "spliced" into another binding, in order to intercept and enforce the criteria defined in the second binding.
diff --git a/website/docs/add-secure-apps/flows-stages/bindings/work_with_bindings.md b/website/docs/add-secure-apps/flows-stages/bindings/work_with_bindings.md
index f3e1f38a3f..81bfa9beb9 100644
--- a/website/docs/add-secure-apps/flows-stages/bindings/work_with_bindings.md
+++ b/website/docs/add-secure-apps/flows-stages/bindings/work_with_bindings.md
@@ -8,6 +8,6 @@ For instructions to create a binding, refer to the documentation for the specifi
- [Bind a stage to a flow](../stages/index.md#bind-a-stage-to-a-flow)
- [Bind a policy to a flow or stage](../../../customize/policies/working_with_policies#bind-a-policy-to-a-flow-or-stage)
-- [Bind users or groups to a specific application with an Application Entitlement](../../applications/manage_apps.md#application-entitlements)
-- [Bind a policy to a specific application when you create a new app using the Wizard](../../applications/manage_apps.md#instructions)
+- [Bind users or groups to a specific application with an Application Entitlement](../../applications/manage_apps.mdx#application-entitlements)
+- [Bind a policy to a specific application when you create a new app using the Wizard](../../applications/manage_apps.mdx#instructions)
- [Bind users and groups to a stage binding, to define whether or not that stage is shown](../stages/index.md#bind-users-and-groups-to-a-flows-stage-binding)
diff --git a/website/docs/add-secure-apps/flows-stages/flow/context/index.md b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx
similarity index 90%
rename from website/docs/add-secure-apps/flows-stages/flow/context/index.md
rename to website/docs/add-secure-apps/flows-stages/flow/context/index.mdx
index 3b5c626aa8..74a5bec96a 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/context/index.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/context/index.mdx
@@ -24,11 +24,11 @@ Keys prefixed with `goauthentik.io` are used internally by authentik and are sub
### Common keys
-#### `pending_user` ([User object](../../../../users-sources/user/user_ref.md#object-properties))
+#### `pending_user` ([User object](../../../../users-sources/user/user_ref.mdx#object-properties))
-`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../../stages/identification/index.md).
+`pending_user` is used by multiple stages. In the context of most flow executions, it represents the data of the user that is executing the flow. This value is not set automatically, it is set via the [Identification stage](../../stages/identification/index.mdx).
-Stages that require a user, such as the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md) and others will use this value if it is set, and fallback to the request's users when possible.
+Stages that require a user, such as the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.mdx) and others will use this value if it is set, and fallback to the request's users when possible.
#### `prompt_data` (Dictionary)
@@ -62,7 +62,7 @@ When an unauthenticated user attempts to access a secured resource, they are red
When a user authenticates/enrolls via an external source, this will be set to the source they are using.
-#### `outpost` (dictionary) authentik 2024.10+
+#### `outpost` (dictionary):ak-version[2024.10]
When a flow is executed by an Outpost (for example the [LDAP](../../../providers/ldap/index.md) or [RADIUS](../../../providers/radius/index.mdx)), this will be set to a dictionary containing the Outpost instance under the key `"instance"`.
@@ -76,7 +76,7 @@ This key is set to `True` when the flow is executed from an "SSO" context. For e
This key is set when a flow execution is continued from a token. This happens for example when an [Email stage](../../stages/email/index.mdx) is used and the user clicks on the link within the email. The token object contains the key that was used to restore the flow execution.
-#### `is_redirected` (Flow object) authentik 2024.12+
+#### `is_redirected` (Flow object):ak-version[2024.12]
This key is set when the current flow was reached through a [Redirect stage](../../stages/redirect/index.md) in Flow mode.
@@ -98,7 +98,7 @@ URL that the form will be submitted to.
Key-value pairs of the data that is included in the form and will be submitted to `url`.
-#### Captcha stage authentik 2024.6+
+#### Captcha stage:ak-version[2024.6]
##### `captcha` (dictionary)
@@ -118,7 +118,7 @@ An optional list of all permissions that will be given to the application by gra
#### Deny stage
-##### `deny_message` (string) authentik 2023.10+
+##### `deny_message` (string)
Optionally overwrite the deny message shown, has a higher priority than the message configured in the stage.
@@ -134,7 +134,7 @@ If set, this must be a list of group objects and not group names.
Path the `pending_user` will be written to. If not set in the flow, falls back to the value set in the user_write stage, and otherwise to the `users` path.
-##### `user_type` (string) authentik 2023.10+
+##### `user_type` (string)
Type the `pending_user` will be created as. Must be one of `internal`, `external` or `service_account`.
@@ -146,7 +146,7 @@ Set by the [Password stage](../../stages/password/index.md) after successfully a
##### `auth_method` (string)
-Set by the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.md), the [OAuth2 Provider](../../../providers/oauth2/index.md), and the API authentication depending on which method was used to authenticate.
+Set by the [Password stage](../../stages/password/index.md), the [Authenticator validation stage](../../stages/authenticator_validate/index.mdx), the [OAuth2 Provider](../../../providers/oauth2/index.mdx), and the API authentication depending on which method was used to authenticate.
Possible options:
@@ -155,7 +155,7 @@ Possible options:
- `ldap` (Authenticated via LDAP bind from an LDAP source)
- `auth_mfa` (Authentication via MFA device without password)
- `auth_webauthn_pwl` (Passwordless authentication via WebAuthn)
-- `jwt` ([M2M](../../../providers/oauth2/client_credentials.md) authentication via an existing JWT)
+- `jwt` ([M2M](../../../providers/oauth2/client_credentials.mdx) authentication via an existing JWT)
##### `auth_method_args` (dictionary)
@@ -198,7 +198,7 @@ If _Show matched user_ is disabled, this key will be set to the user identifier
#### Redirect stage
-##### `redirect_stage_target` (string) authentik 2024.12+
+##### `redirect_stage_target` (string):ak-version[2024.12]
[Set this key](../../../../customize/policies/expression/managing_flow_context_keys.md) in an Expression Policy to override [Redirect stage](../../stages/redirect/index.md) to force it to redirect to a certain URL or flow. This is useful when a flow requires that the redirection target be decided dynamically.
diff --git a/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md b/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx
similarity index 88%
rename from website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md
rename to website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx
index 1146ee0389..30fd7979c8 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/examples/snippets.mdx
@@ -2,7 +2,7 @@
title: Example policy snippets for flows
---
-### Redirect current flow to another URL authentik 2022.7+
+### Redirect current flow to another URL
```python
plan = request.context.get("flow_plan")
diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md b/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md
index 7422831a19..c1b10437d6 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/executors/headless.md
@@ -6,6 +6,6 @@ The headless flow executor is used by clients that don't have access to the web
The following stages are supported:
-- [**Identification stage**](../../stages/identification/index.md)
+- [**Identification stage**](../../stages/identification/index.mdx)
- [**Password stage**](../../stages/password/index.md)
-- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md)
+- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.mdx)
diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md b/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md
index 3bb444789f..1edabe4d89 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/executors/sfe.md
@@ -1,9 +1,8 @@
---
title: Simplified flow executor
+authentik_version: "2024.6.1"
---
-authentik 2024.6.1+
-
A simplified web-based flow executor that authentik automatically uses for older browsers that do not support modern web technologies.
Currently this flow executor is automatically used for the following browsers:
@@ -13,14 +12,14 @@ Currently this flow executor is automatically used for the following browsers:
The following stages are supported:
-- [**Identification stage**](../../stages/identification/index.md)
+- [**Identification stage**](../../stages/identification/index.mdx)
:::info
Only user identifier and user identifier + password stage configurations are supported; sources and passwordless configurations are not supported.
:::
- [**Password stage**](../../stages/password/index.md)
-- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.md)
+- [**Authenticator Validation Stage**](../../stages/authenticator_validate/index.mdx)
Compared to the [default flow executor](./if-flow.md), this flow executor does _not_ support the following features:
diff --git a/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md b/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md
index a3efe8b0a1..0eb9680652 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/executors/user-settings.md
@@ -2,10 +2,6 @@
title: User settings
---
-authentik 2023.3+
-
----
-
The user interface (/if/user/) uses a specialized flow executor to allow individual users to customize their profile. A user's profile consists of key/value fields, so this executor only supports Prompt or User Write stages. If the configured flow contains another stage, a button will be shown to open the default executor.
Because the stages in a flow can change during its execution, be awre that configuring this executor to use any stage type other than Prompt or User Write will automatically trigger a redirect to the standard executor.
diff --git a/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx b/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx
index ac1344ed81..8d4c54dc3b 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx
+++ b/website/docs/add-secure-apps/flows-stages/flow/flow_list/_defaultflowlist.mdx
@@ -6,7 +6,7 @@
- **Invalidation**: designates a default flow to be used to invalidate a session. Use `default-invalidation-flow` for invalidation from authentik itself, or use `default-provider-invalidation-flow` to invalidate when the session of an application ends. When you use the `default-invalidation-flow` as a global invalidation flow, it should contain a [**User Logout**](../../stages/user_logout.md) stage. When you use the `default-provider-invalidation-flow` (supported with OIDC, SAML, Proxy, and RAC providers), you can configure this default flow to present users log-off options such as "log out of the app but remain logged in to authentik" or "return to the **My Applications** page", or "log out completely". (Alternatively, you can create a custom invalidation flow, with a branded background image.)
-- **Recovery**: designates a flow for recovery. This flow normally contains an [**Identification**](../../stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**Email**](../../stages/email/index.mdx) or [**CAPTCHA**](../../stages/captcha/index.md). Afterwards, use the [**Prompt**](../../stages/prompt/index.md) stage to ask the user for a new password and the [**User Write**](../../stages/user_write.md) stage to update the password.
+- **Recovery**: designates a flow for recovery. This flow normally contains an [**Identification**](../../stages/identification/index.mdx) stage to find the user. It can also contain any amount of verification stages, such as [**Email**](../../stages/email/index.mdx) or [**CAPTCHA**](../../stages/captcha/index.md). Afterwards, use the [**Prompt**](../../stages/prompt/index.md) stage to ask the user for a new password and the [**User Write**](../../stages/user_write.md) stage to update the password.
- **Stage configuration**: designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure authenticators, like change a password and set up TOTP.
diff --git a/website/docs/add-secure-apps/flows-stages/flow/index.md b/website/docs/add-secure-apps/flows-stages/flow/index.md
index 3b8949a72d..62689a8568 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/index.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/index.md
@@ -20,7 +20,7 @@ When these stages are successfully completed, authentik logs in the user.
By default, policies are evaluated dynamically, right before the stage (to which a policy is bound) is presented to the user. This flexibility allows the login process to continue, change, or stop, based on the success or failure of each policy.
-This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.md).
+This default behaviour can be altered by enabling the **Evaluate when flow is planned** option on the stage binding. With this setting a _flow plan_ containing all stages is generated upon flow execution. This means that all attached policies are evaluated upon execution. For more information about flow plans, read our [flow context documentation](./context/index.mdx).
## Permissions
diff --git a/website/docs/add-secure-apps/flows-stages/flow/inspector.md b/website/docs/add-secure-apps/flows-stages/flow/inspector.md
index 902d973eb2..c6a6ab6d65 100644
--- a/website/docs/add-secure-apps/flows-stages/flow/inspector.md
+++ b/website/docs/add-secure-apps/flows-stages/flow/inspector.md
@@ -2,7 +2,7 @@
title: Flow Inspector
---
-The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.md), and investigate issues.
+The flow inspector, introduced in 2021.10, allows administrators to visually determine how custom flows work, inspect the current [flow context](./context/index.mdx), and investigate issues.
As shown in the screenshot below, the flow inspector displays next to the selected flow (in this case, "Change Password"), with [information](#flow-inspector-details) about that specific flow and flow context.
diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx
similarity index 91%
rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md
rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx
index a2b2450c8f..f0a749b7f9 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx
@@ -10,7 +10,7 @@ Copy all of the integration key, secret key and API hostname, and paste them in
Devices created reference the stage they were created with, since the API credentials are needed to authenticate. This also means when the stage is deleted, all devices are removed.
-## Importing users authentik 2022.9+
+## Importing users
:::info
Due to the way the Duo API works, authentik can only automatically import existing Duo users when a Duo MFA or higher license is active.
@@ -20,7 +20,7 @@ To import a device, open the Stages list in the authentik Admin interface. On th
The Duo username can be found by navigating to your Duo Admin dashboard and selecting _Users_ in the sidebar. Optionally if you have multiple users with the same username, you can click on a User and copy their ID from the URL, and use that to import the device.
-### Older versions authentik 2021.9.1+
+### Older versions
You can call the `/api/v3/stages/authenticator/duo/{stage_uuid}/import_devices/` endpoint ([see here](https://goauthentik.io/api/#post-/stages/authenticator/duo/-stage_uuid-/import_devices/)) using the following parameters:
diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md
index dbf50f3f80..940c19060e 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md
@@ -1,11 +1,8 @@
---
title: Endpoint Authenticator Google Device Trust Connector Stage
----
-
-Enterprise
-Preview
-authentik 2024.10+
-
+authentik_version: "2024.10"
+authentik_preview: true
+authentik_enterprise: true
---
With this stage, authentik can validate users' Chrome browsers and ensure that users' devices are compliant and up-to-date.
@@ -18,10 +15,11 @@ This stage only works with Google Chrome, as it relies on the [Chrome Verified A
The main steps to set up your Google workspace are as follows:
-1. [Create your Google Cloud Project](#create-a-google-cloud-project)
-2. [Create a service account](#create-a-service-account)
-3. [Set credentials for the service account](#set-credentials-for-the-service-account)
-4. [Define access and scope in the Admin Console](#set-credentials-for-the-service-account)
+- [Configuration](#configuration)
+ - [Create a Google cloud project](#create-a-google-cloud-project)
+ - [Create a service account](#create-a-service-account)
+ - [Set credentials for the service account](#set-credentials-for-the-service-account)
+ - [Create the stage](#create-the-stage)
For detailed instructions, refer to Google documentation.
@@ -76,4 +74,4 @@ For detailed instructions, refer to Google documentation.
4. Click **Finish**.
-After creating the stage, it can be used in any flow. Compared to other Authenticator stages, this stage does not require enrollment. Instead of adding an [Authenticator Validation Stage](../authenticator_validate/index.md), this stage only verifies the users' browser.
+After creating the stage, it can be used in any flow. Compared to other Authenticator stages, this stage does not require enrollment. Instead of adding an [Authenticator Validation Stage](../authenticator_validate/index.mdx), this stage only verifies the users' browser.
diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx
similarity index 97%
rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md
rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx
index e78d02481d..52421a7792 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_sms/index.mdx
@@ -46,9 +46,9 @@ return {
}
```
-## Verify only authentik 2022.6+
+## Verify only
-To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/index.md) stage.
+To only verify the validity of a users' phone number, without saving it in an easily accessible way, you can enable this option. Phone numbers from devices enrolled through this stage will only have their hashed phone number saved. These devices can also not be used with the [Authenticator validation](../authenticator_validate/index.mdx) stage.
## Limiting phone numbers
diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx
similarity index 90%
rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md
rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx
index 30dfb534f0..4d1ddc5dca 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx
@@ -4,11 +4,11 @@ title: Authenticator validation stage
This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages:
-- [Duo authenticator stage](../authenticator_duo/index.md)
-- [SMS authenticator stage](../authenticator_sms/index.md)
+- [Duo authenticator stage](../authenticator_duo/index.mdx)
+- [SMS authenticator stage](../authenticator_sms/index.mdx)
- [Static authenticator stage](../authenticator_static/index.md)
- [TOTP authenticator stage](../authenticator_totp/index.md)
-- [WebAuthn authenticator stage](../authenticator_webauthn/index.md)
+- [WebAuthn authenticator stage](../authenticator_webauthn/index.mdx)
You can select which type of device classes are allowed.
@@ -23,11 +23,11 @@ Keep in mind that when using Code-based devices (TOTP, Static and SMS), values l
### Options
-#### Less-frequent validation authentik 2022.5.1+
+#### Less-frequent validation
You can configure this stage to only ask for MFA validation if the user hasn't authenticated themselves within a defined time period. To configure this, set _Last validation threshold_ to any non-zero value. Any of the users devices within the selected classes are checked.
-#### Passwordless authentication authentik 2021.12.4+
+#### Passwordless authentication
:::caution
Firefox has some known issues regarding TouchID (see https://bugzilla.mozilla.org/show_bug.cgi?id=1536482)
@@ -68,7 +68,7 @@ Logins which used Passwordless authentication have the _auth_method_ context var
}
```
-#### WebAuthn Device type restrictions authentik 2024.4+
+#### WebAuthn Device type restrictions:ak-version[2024.4]
Optionally restrict which WebAuthn device types can be used to authenticate.
diff --git a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx
similarity index 80%
rename from website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md
rename to website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx
index 7c47be1fbf..805d2e0122 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx
@@ -12,13 +12,13 @@ Configure if authentik should require, prefer or discourage user verification fo
#### Resident key requirement
-Configure if the created authenticator is stored in the encrypted memory on the device or in persistent memory. When configuring [passwordless login](../identification/index.md#passwordless-flow), this should be set to either _Preferred_ or _Required_, otherwise the authenticator cannot be used for passwordless authentication.
+Configure if the created authenticator is stored in the encrypted memory on the device or in persistent memory. When configuring [passwordless login](../identification/index.mdx#passwordless-flow), this should be set to either _Preferred_ or _Required_, otherwise the authenticator cannot be used for passwordless authentication.
#### Authenticator Attachment
Configure if authentik will require either a removable device (like a YubiKey, Google Titan, etc) or a non-removable device (like Windows Hello, TouchID or password managers), or not send a requirement.
-#### Device type restrictions authentik 2024.4+
+#### Device type restrictions:ak-version[2024.4]
Optionally restrict the types of devices allowed to be enrolled. This option can be used to ensure users are only able to enroll FIPS-compliant devices for example.
diff --git a/website/docs/add-secure-apps/flows-stages/stages/identification/index.md b/website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx
similarity index 86%
rename from website/docs/add-secure-apps/flows-stages/stages/identification/index.md
rename to website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx
index 2993d645d2..2f1f255eca 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/identification/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/identification/index.mdx
@@ -30,13 +30,13 @@ To run a CAPTCHA process in the background while the user is entering their iden
These fields specify if and which flows are linked on the form. The enrollment flow is linked as `Need an account? Sign up.`, and the recovery flow is linked as `Forgot username or password?`.
-## Pretend user exists authentik 2024.2+
+## Pretend user exists:ak-version[2024.2]
When enabled, any user identifier will be accepted as valid (as long as they match the correct format, i.e. when [User fields](#user-fields) is set to only allow Emails, then the identifier still needs to be an Email). The stage will succeed and the flow will continue to the next stage. Stages like the [Password stage](../password/index.md) and [Email stage](../email/index.mdx) are aware of this "pretend" user and will behave the same as if the user would exist.
## Source settings
-Some sources (like the [OAuth Source](../../../../users-sources/sources/protocols/oauth/index.md) and [SAML Source](../../../../users-sources/sources/protocols/saml/index.md)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields).
+Some sources (like the [OAuth Source](../../../../users-sources/sources/protocols/oauth/index.mdx) and [SAML Source](../../../../users-sources/sources/protocols/saml/index.md)) require user interaction. To make these sources available to users, they can be selected in the Identification stage settings, which will show them below the selected [user field](#user-fields).
By default, sources are only shown with their icon, which can be changed with the _Show sources' labels_ option.
@@ -50,7 +50,7 @@ Starting with authentik 2023.5, when no user fields are selected and only one so
### Passwordless flow
-See [Passwordless authentication](../authenticator_validate/index.md#passwordless-authentication-authentik-2021124).
+See [Passwordless authentication](../authenticator_validate/index.mdx#passwordless-authentication).
### Enrollment flow
diff --git a/website/docs/add-secure-apps/flows-stages/stages/password/index.md b/website/docs/add-secure-apps/flows-stages/stages/password/index.md
index 08539322a7..583223088c 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/password/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/password/index.md
@@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user`
## Passwordless login
-There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication-authentik-2021124) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here.
+There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.mdx#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here.
Depending on what kind of device you want to require the user to have:
diff --git a/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md b/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md
index 17447b1dc1..826ea3276b 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/redirect/index.md
@@ -1,9 +1,6 @@
---
title: Redirect stage
----
-
-authentik 2024.12+
-
+authentik_version: "2024.12"
---
This stage's main purpose is to redirect the user to a new Flow while keeping flow context. For convenience, it can also redirect the user to a static URL.
@@ -16,6 +13,6 @@ When the user reaches this stage, they are redirected to a static URL.
### Flow mode
-When the user reaches this stage, they are redirected to a specified flow, retaining all [flow context](../../flow/context).
+When the user reaches this stage, they are redirected to a specified flow, retaining all [flow context](../../flow/context/index.mdx).
-Optionally, untoggle the "Keep flow context" switch. If this is untoggled, all flow context is cleared with the exception of the [is_redirected](../../flow/context#is_redirected-flow-object-authentik-202412) key.
+Optionally, untoggle the "Keep flow context" switch. If this is untoggled, all flow context is cleared with the exception of the [is_redirected](../../flow/context#is_redirected-flow-object) key.
diff --git a/website/docs/add-secure-apps/flows-stages/stages/source/index.md b/website/docs/add-secure-apps/flows-stages/stages/source/index.md
index cc5bc7330d..65c43ca936 100644
--- a/website/docs/add-secure-apps/flows-stages/stages/source/index.md
+++ b/website/docs/add-secure-apps/flows-stages/stages/source/index.md
@@ -1,13 +1,10 @@
---
title: Source stage
+authentik_version: "2024.4"
+authentik_enterprise: true
---
-Enterprise
-authentik 2024.4+
-
----
-
-The source stage injects an [OAuth](../../../../users-sources/sources/protocols/oauth/index.md) or [SAML](../../../../users-sources/sources/protocols/saml/index.md) Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc).
+The source stage injects an [OAuth](../../../../users-sources/sources/protocols/oauth/index.mdx) or [SAML](../../../../users-sources/sources/protocols/saml/index.md) Source into the flow execution. This allows for additional user verification, or to dynamically access different sources for different user identifiers (username, email address, etc).
```mermaid
sequenceDiagram
@@ -44,13 +41,13 @@ This stage can be used to leverage an external OAuth/SAML identity provider.
For example, you can authenticate users by routing them through a custom device-health solution.
-Another use case is to route users to authenticate with your legacy (Okta, etc) IdP and then use the returned identity and attributes within authentik as part of an authorization flow, for example as part of an IdP migration. For authentication/enrollment this is also possible with an [OAuth](../../../../users-sources/sources/protocols/oauth/index.md)/[SAML](../../../../users-sources/sources/protocols/saml/index.md) source by itself.
+Another use case is to route users to authenticate with your legacy (Okta, etc) IdP and then use the returned identity and attributes within authentik as part of an authorization flow, for example as part of an IdP migration. For authentication/enrollment this is also possible with an [OAuth](../../../../users-sources/sources/protocols/oauth/index.mdx)/[SAML](../../../../users-sources/sources/protocols/saml/index.md) source by itself.
### Options
#### Source
-The source the user is redirected to. Must be a web-based source, such as [OAuth](../../../../users-sources/sources/protocols/oauth/index.md) or [SAML](../../../../users-sources/sources/protocols/saml/index.md). Sources like [LDAP](../../../../users-sources/sources/protocols/ldap/index.md) are _not_ compatible.
+The source the user is redirected to. Must be a web-based source, such as [OAuth](../../../../users-sources/sources/protocols/oauth/index.mdx) or [SAML](../../../../users-sources/sources/protocols/saml/index.md). Sources like [LDAP](../../../../users-sources/sources/protocols/ldap/index.md) are _not_ compatible.
#### Resume timeout
diff --git a/website/docs/add-secure-apps/providers/entra/add-entra-provider.md b/website/docs/add-secure-apps/providers/entra/add-entra-provider.md
index 16c7f330bb..e82f4941d9 100644
--- a/website/docs/add-secure-apps/providers/entra/add-entra-provider.md
+++ b/website/docs/add-secure-apps/providers/entra/add-entra-provider.md
@@ -1,9 +1,6 @@
---
title: Add an Entra ID provider
----
-
-Enterprise
-
+authentik_enterprise: true
---
For more information about using an Entra ID provider, see the [Overview](./index.md) documentation.
diff --git a/website/docs/add-secure-apps/providers/entra/index.md b/website/docs/add-secure-apps/providers/entra/index.md
index efcf163e62..5e8123c2d0 100644
--- a/website/docs/add-secure-apps/providers/entra/index.md
+++ b/website/docs/add-secure-apps/providers/entra/index.md
@@ -1,9 +1,6 @@
---
title: Microsoft Entra ID provider
----
-
-Enterprise
-
+authentik_enterprise: true
---
With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values.
diff --git a/website/docs/add-secure-apps/providers/entra/setup-entra.md b/website/docs/add-secure-apps/providers/entra/setup-entra.md
index 868b813a07..ed2cef8126 100644
--- a/website/docs/add-secure-apps/providers/entra/setup-entra.md
+++ b/website/docs/add-secure-apps/providers/entra/setup-entra.md
@@ -1,9 +1,6 @@
---
title: Configure Entra ID
----
-
-Enterprise
-
+authentik_enterprise: true
---
The configuration of your Microsoft Entra ID environment must be completed before you [add the new provider](./add-entra-provider.md) in authentik.
diff --git a/website/docs/add-secure-apps/providers/gws/add-gws-provider.md b/website/docs/add-secure-apps/providers/gws/add-gws-provider.md
index 6f1941a9c7..e2232087b5 100644
--- a/website/docs/add-secure-apps/providers/gws/add-gws-provider.md
+++ b/website/docs/add-secure-apps/providers/gws/add-gws-provider.md
@@ -1,9 +1,6 @@
---
title: Create a Google Workspace provider
----
-
-Enterprise
-
+authentik_enterprise: true
---
For more information about using a Google Workspace provider, see the [Overview](./index.md) documentation.
diff --git a/website/docs/add-secure-apps/providers/gws/index.md b/website/docs/add-secure-apps/providers/gws/index.md
index b92ae79f1a..004e9a40fd 100644
--- a/website/docs/add-secure-apps/providers/gws/index.md
+++ b/website/docs/add-secure-apps/providers/gws/index.md
@@ -1,9 +1,6 @@
---
title: Google Workspace provider
----
-
-Enterprise
-
+authentik_enterprise: true
---
With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail.
diff --git a/website/docs/add-secure-apps/providers/gws/setup-gws.md b/website/docs/add-secure-apps/providers/gws/setup-gws.md
index cb50bf3b8f..5d9053ddd3 100644
--- a/website/docs/add-secure-apps/providers/gws/setup-gws.md
+++ b/website/docs/add-secure-apps/providers/gws/setup-gws.md
@@ -1,9 +1,6 @@
---
title: Configure Google Workspace
----
-
-Enterprise
-
+authentik_enterprise: true
---
The configuration and set up of your Google Workspace must be completed before you [add the new provider](./add-gws-provider.md) in authentik.
diff --git a/website/docs/add-secure-apps/providers/index.mdx b/website/docs/add-secure-apps/providers/index.mdx
index b88c6aad57..dd9c478516 100644
--- a/website/docs/add-secure-apps/providers/index.mdx
+++ b/website/docs/add-secure-apps/providers/index.mdx
@@ -9,9 +9,9 @@ A Provider is an authentication method, a service that is used by authentik to a
Providers are the "other half" of [applications](../applications/index.md). They typically exist in a 1-to-1 relationship; each application needs a provider and every provider can be used with one application.
-Applications can use additional providers to augment the functionality of the main provider. For more information, see [Backchannel providers](../applications/manage_apps.md#backchannel-providers).
+Applications can use additional providers to augment the functionality of the main provider. For more information, see [Backchannel providers](../applications/manage_apps.mdx#backchannel-providers).
-You can create a new provider in the Admin interface, or you can use the [Application wizard](../applications/manage_apps.md#instructions) to create a new application and its provider at the same time.
+You can create a new provider in the Admin interface, or you can use the [Application wizard](../applications/manage_apps.mdx#instructions) to create a new application and its provider at the same time.
When you create certain types of providers, you need to select specific [flows](../flows-stages/flow/index.md) to apply to users who access authentik via the provider. To learn more, refer to our [default flow documentation](../flows-stages/flow/examples/default_flows.md).
diff --git a/website/docs/add-secure-apps/providers/ldap/index.md b/website/docs/add-secure-apps/providers/ldap/index.md
index ae3232eeec..a420a0fc6b 100644
--- a/website/docs/add-secure-apps/providers/ldap/index.md
+++ b/website/docs/add-secure-apps/providers/ldap/index.md
@@ -78,9 +78,9 @@ All bind modes rely on flows.
The following stages are supported:
-- [Identification](../../flows-stages/stages/identification/index.md)
+- [Identification](../../flows-stages/stages/identification/index.mdx)
- [Password](../../flows-stages/stages/password/index.md)
-- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md)
+- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.mdx)
Note: Authenticator validation currently only supports DUO, TOTP and static authenticators.
diff --git a/website/docs/add-secure-apps/providers/oauth2/client_credentials.md b/website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx
similarity index 95%
rename from website/docs/add-secure-apps/providers/oauth2/client_credentials.md
rename to website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx
index 2b1a2da430..0097e43a61 100644
--- a/website/docs/add-secure-apps/providers/oauth2/client_credentials.md
+++ b/website/docs/add-secure-apps/providers/oauth2/client_credentials.mdx
@@ -30,7 +30,7 @@ In addition to that, with authentik 2024.4 it is also possible to pass the confi
### JWT-authentication
-#### Externally issued JWTs authentik 2022.4+
+#### Externally issued JWTs
You can authenticate and get a token using an existing JWT. For readability we will refer to the JWT issued by the external issuer/platform as input JWT, and the resulting JWT from authentik as the output JWT.
@@ -59,7 +59,7 @@ To dynamically limit access based on the claims of the tokens, you can use _[Exp
return request.context["oauth_jwt"]["iss"] == "https://my.issuer"
```
-#### authentik-issued JWTs authentik 2024.12+
+#### authentik-issued JWTs:ak-version[2024.12]
To allow federation between providers, modify the provider settings of the application (whose token will be used for authentication) to select the provider of the application to which you want to federate.
diff --git a/website/docs/add-secure-apps/providers/oauth2/index.md b/website/docs/add-secure-apps/providers/oauth2/index.mdx
similarity index 99%
rename from website/docs/add-secure-apps/providers/oauth2/index.md
rename to website/docs/add-secure-apps/providers/oauth2/index.mdx
index 9eafa38511..a07a9b3626 100644
--- a/website/docs/add-secure-apps/providers/oauth2/index.md
+++ b/website/docs/add-secure-apps/providers/oauth2/index.mdx
@@ -112,7 +112,7 @@ The Hybrid Flow is an OpenID Connect flow that incorporates traits of both the I
The client credentials flow and grant types are typically implemented for server-to-server scenarios, when code in a web application invokes a web API.
-For more information, see [Machine-to-machine authentication](./client_credentials.md).
+For more information, see [Machine-to-machine authentication](./client_credentials.mdx).
### 3. Device code
@@ -176,6 +176,6 @@ When a _Signing Key_ is selected in the provider, the JWT will be signed asymmet
When no _Signing Key_ is selected, the JWT will be signed symmetrically with the _Client secret_ of the provider, which can be seen in the provider settings.
-### Encryption authentik 2024.10+
+### Encryption:ak-version[2024.10]
authentik can also encrypt JWTs (turning them into JWEs) it issues by selecting an _Encryption Key_ in the provider. When selected, all JWTs will be encrypted symmetrically using the selected certificate. authentik uses the `RSA-OAEP-256` algorithm with the `A256CBC-HS512` encryption method.
diff --git a/website/docs/add-secure-apps/providers/property-mappings/expression.mdx b/website/docs/add-secure-apps/providers/property-mappings/expression.mdx
index f1a12160bd..1dd6086ed4 100644
--- a/website/docs/add-secure-apps/providers/property-mappings/expression.mdx
+++ b/website/docs/add-secure-apps/providers/property-mappings/expression.mdx
@@ -6,7 +6,7 @@ The property mapping should return a value that is expected by the provider. Sup
## Available Functions
-import Functions from "../../../expressions/_functions.md";
+import Functions from "../../../expressions/_functions.mdx";
diff --git a/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md b/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md
index 83582dd632..f295021185 100644
--- a/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md
+++ b/website/docs/add-secure-apps/providers/proxy/_caddy_standalone.md
@@ -1,6 +1,6 @@
Use the following configuration:
-```
+```apacheconf
app.company {
# directive execution order is only as stated if enclosed with route.
route {
@@ -26,7 +26,7 @@ app.company {
If you're trying to proxy to an upstream over HTTPS, you need to set the `Host` header to the value they expect for it to work correctly.
-```
+```conf
reverse_proxy /outpost.goauthentik.io/* https://outpost.company {
header_up Host {http.reverse_proxy.upstream.hostport}
}
diff --git a/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md b/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md
index f584bb6e89..5036e2e5d3 100644
--- a/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md
+++ b/website/docs/add-secure-apps/providers/proxy/_nginx_proxy_manager.md
@@ -1,4 +1,4 @@
-```
+```nginx
# Increase buffer size for large headers
# This is needed only if you get 'upstream sent too big header while reading response
# header from upstream' error when trying to access an application protected by goauthentik
diff --git a/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md b/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md
index 3e1cc87fe6..8554e836c8 100644
--- a/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md
+++ b/website/docs/add-secure-apps/providers/proxy/_nginx_standalone.md
@@ -1,4 +1,4 @@
-```
+```nginx
# Upgrade WebSocket if requested, otherwise use keepalive
map $http_upgrade $connection_upgrade_keepalive {
default upgrade;
diff --git a/website/docs/add-secure-apps/providers/proxy/header_authentication.md b/website/docs/add-secure-apps/providers/proxy/header_authentication.mdx
similarity index 89%
rename from website/docs/add-secure-apps/providers/proxy/header_authentication.md
rename to website/docs/add-secure-apps/providers/proxy/header_authentication.mdx
index d3b04ae85c..656828fab4 100644
--- a/website/docs/add-secure-apps/providers/proxy/header_authentication.md
+++ b/website/docs/add-secure-apps/providers/proxy/header_authentication.mdx
@@ -25,9 +25,9 @@ By default, when _Intercept header authentication_ is enabled, authentik will in
If the proxied application requires usage of the "Authorization" header, the setting should be disabled. When this setting is disabled, authentik will still attempt to interpret the "Authorization" header, and fall back to the default behaviour if it can't.
-### Receiving HTTP Basic authentication authentik 2023.1+
+### Receiving HTTP Basic authentication
-Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.md).
+Proxy providers can receive HTTP basic authentication credentials. The password is expected to be an _App password_, as the credentials are used internally with the [OAuth2 machine-to-machine authentication flow](../oauth2/client_credentials.mdx).
Access control is done with the policies bound to the application being accessed.
@@ -39,9 +39,9 @@ It is **strongly** recommended that the client sending requests with HTTP-Basic
Starting with authentik 2023.2, logging in with the reserved username `goauthentik.io/token` will behave as if a bearer token was used. All the same options as below apply. This is to allow token-based authentication for applications which might only support basic authentication.
-### Receiving HTTP Bearer authentication authentik 2023.1+
+### Receiving HTTP Bearer authentication
-Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.md), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported.
+Proxy providers can receive HTTP bearer authentication credentials. The token is expected to be a JWT token issued for the proxy provider. This is described [here](../oauth2/client_credentials.mdx), using the _client_id_ value shown in the admin interface. Both static and JWT authentication methods are supported.
Access control is done with the policies bound to the application being accessed.
diff --git a/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx b/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx
index 75b115969b..c4c5968f1f 100644
--- a/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx
+++ b/website/docs/add-secure-apps/providers/proxy/server_caddy.mdx
@@ -1,17 +1,14 @@
---
title: Caddy
-hide_title: true
---
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
-
-# Caddy authentik 2022.8+
+import Placeholders from "./__placeholders.md";
+import CaddyStandalone from "./_caddy_standalone.md";
The configuration template shown below apply to both single-application and domain-level forward auth.
-import Placeholders from "./__placeholders.md";
-
-import CaddyStandalone from "./_caddy_standalone.md";
-
diff --git a/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx b/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx
index 62b653da62..fe2d4373d3 100644
--- a/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx
+++ b/website/docs/add-secure-apps/providers/proxy/server_envoy.mdx
@@ -1,12 +1,13 @@
---
title: Envoy
-hide_title: true
---
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
+import Placeholders from "./__placeholders.md";
+import EnvoyIstio from "./_envoy_istio.md";
-# Envoy authentik 2022.6+
+# Envoy
The configuration template shown below apply to both single-application and domain-level forward auth.
@@ -14,20 +15,18 @@ The configuration template shown below apply to both single-application and doma
If you are using Istio and Kubernetes, use the port number that is exposed for your cluster.
:::
-import Placeholders from "./__placeholders.md";
-
-
-
-import EnvoyIstio from "./_envoy_istio.md";
-
-
-
-
+ defaultValue="envoy-istio"
+ values={[
+ {
+ label: "Envoy (Istio)",
+ value: "envoy-istio",
+ },
+ ]}
+>
+
+
+
diff --git a/website/docs/add-secure-apps/providers/rac/how-to-rac.md b/website/docs/add-secure-apps/providers/rac/how-to-rac.md
index c378b2cbe9..5f41bef2ff 100644
--- a/website/docs/add-secure-apps/providers/rac/how-to-rac.md
+++ b/website/docs/add-secure-apps/providers/rac/how-to-rac.md
@@ -26,7 +26,7 @@ The first step is to create the RAC app and provider.
2. In the Admin interface, navigate to **Applications -> Applications**.
-3. Click **Create with Wizard**. Follow the [instructions](../../applications/manage_apps.md#instructions) to create your RAC application and provider.
+3. Click **Create with Wizard**. Follow the [instructions](../../applications/manage_apps.mdx#instructions) to create your RAC application and provider.
### Step 2. Create RAC property mapping
diff --git a/website/docs/add-secure-apps/providers/rac/index.md b/website/docs/add-secure-apps/providers/rac/index.md
index 51a0910edc..35cd36a59c 100644
--- a/website/docs/add-secure-apps/providers/rac/index.md
+++ b/website/docs/add-secure-apps/providers/rac/index.md
@@ -1,9 +1,6 @@
---
title: Remote Access Control (RAC) Provider
----
-
-Enterprise
-
+authentik_enterprise: true
---
:::info
diff --git a/website/docs/add-secure-apps/providers/radius/index.mdx b/website/docs/add-secure-apps/providers/radius/index.mdx
index b0cdf9045b..29efeb1567 100644
--- a/website/docs/add-secure-apps/providers/radius/index.mdx
+++ b/website/docs/add-secure-apps/providers/radius/index.mdx
@@ -18,9 +18,9 @@ Authentication requests against the Radius Server use a flow in the background.
The following stages are supported:
-- [Identification](../../flows-stages/stages/identification/index.md)
+- [Identification](../../flows-stages/stages/identification/index.mdx)
- [Password](../../flows-stages/stages/password/index.md)
-- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.md)
+- [Authenticator validation](../../flows-stages/stages/authenticator_validate/index.mdx)
Note: Authenticator validation currently only supports DUO, TOTP, and static authenticators.
diff --git a/website/docs/customize/blueprints/export.md b/website/docs/customize/blueprints/export.mdx
similarity index 94%
rename from website/docs/customize/blueprints/export.md
rename to website/docs/customize/blueprints/export.mdx
index 2a3b213838..7d6b9f6466 100644
--- a/website/docs/customize/blueprints/export.md
+++ b/website/docs/customize/blueprints/export.mdx
@@ -2,7 +2,7 @@
title: Export
---
-## Global export authentik 2022.8.2+
+## Global export
To migrate existing configurations to blueprints, run `ak export_blueprint` within any authentik Worker container. This will output a blueprint for most currently created objects. Some objects will not be exported as they might have dependencies on other things.
diff --git a/website/docs/customize/blueprints/index.md b/website/docs/customize/blueprints/index.mdx
similarity index 96%
rename from website/docs/customize/blueprints/index.md
rename to website/docs/customize/blueprints/index.mdx
index 3176dd4181..99e8f27a8e 100644
--- a/website/docs/customize/blueprints/index.md
+++ b/website/docs/customize/blueprints/index.mdx
@@ -2,10 +2,6 @@
title: Blueprints
---
-authentik 2022.8+
-
----
-
Blueprints offer a new way to template, automate and distribute authentik configuration. Blueprints can be used to automatically configure instances, manage config as code without any external tools, and to distribute application configs.
## Types
@@ -58,7 +54,7 @@ To push a blueprint to an OCI-compatible registry, [ORAS](https://oras.land/) ca
oras push ghcr.io//blueprint/:latest :application/vnd.goauthentik.blueprint.v1+yaml
```
-## Storage - Internal authentik 2023.1+
+## Storage - Internal
Blueprints can be stored in authentik's database, which allows blueprints to be managed via external configuration management tools like Terraform.
diff --git a/website/docs/customize/blueprints/v1/models.md b/website/docs/customize/blueprints/v1/models.mdx
similarity index 85%
rename from website/docs/customize/blueprints/v1/models.md
rename to website/docs/customize/blueprints/v1/models.mdx
index 37033739aa..617470087a 100644
--- a/website/docs/customize/blueprints/v1/models.md
+++ b/website/docs/customize/blueprints/v1/models.mdx
@@ -4,7 +4,7 @@ Some models behave differently and allow for access to different API fields when
## `authentik_core.token`
-### `key` authentik 2023.4+
+### `key`
Via the standard API, a token's key cannot be changed, it can only be rotated. This is to ensure a high entropy in it's key, and to prevent insecure data from being used. However, when provisioning tokens via a blueprint, it may be required to set a token to an existing value.
@@ -26,7 +26,7 @@ For example:
## `authentik_core.user`
-### `password` authentik 2023.6+
+### `password`
Via the standard API, a user's password can only be set via the separate `/api/v3/core/users//set_password/` endpoint. In blueprints, the password of a user can be set using the `password` field.
@@ -45,7 +45,7 @@ For example:
password: this-should-be-a-long-value
```
-### `permissions` authentik 2024.8+
+### `permissions`:ak-version[2024.8]
The `permissions` field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints.
@@ -63,7 +63,7 @@ For example:
## `authentik_core.application`
-### `icon` authentik 2023.5+
+### `icon`
Application icons can be directly set to URLs with the `icon` field.
@@ -81,7 +81,7 @@ For example:
## `authentik_sources_oauth.oauthsource`, `authentik_sources_saml.samlsource`, `authentik_sources_plex.plexsource`
-### `icon` authentik 2023.5+
+### `icon`
Source icons can be directly set to URLs with the `icon` field.
@@ -99,7 +99,7 @@ For example:
## `authentik_flows.flow`
-### `icon` authentik 2023.5+
+### `icon`
Flow backgrounds can be directly set to URLs with the `background` field.
@@ -119,7 +119,7 @@ For example:
## `authentik_rbac.role`
-### `permissions` authentik 2024.8+
+### `permissions`:ak-version[2024.8]
The `permissions` field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints.
diff --git a/website/docs/customize/blueprints/v1/tags.md b/website/docs/customize/blueprints/v1/tags.mdx
similarity index 99%
rename from website/docs/customize/blueprints/v1/tags.md
rename to website/docs/customize/blueprints/v1/tags.mdx
index e0c325fc4d..0be95dbdf1 100644
--- a/website/docs/customize/blueprints/v1/tags.md
+++ b/website/docs/customize/blueprints/v1/tags.mdx
@@ -4,7 +4,7 @@ To use the custom tags with your preferred editor, you must make the editor awar
For VS Code, for example, add these entries to your `settings.json`:
-```
+```json
{
"yaml.customTags": [
"!Condition sequence",
@@ -301,7 +301,7 @@ The above example will resolve to something like this:
- "bar: (index: 2, letter: r)"
```
-#### `!AtIndex` authentik 2024.12+
+#### `!AtIndex`:ak-version[2024.12]
Minimal example:
diff --git a/website/docs/customize/policies/expression.mdx b/website/docs/customize/policies/expression.mdx
index de35397cd8..756ae1f203 100644
--- a/website/docs/customize/policies/expression.mdx
+++ b/website/docs/customize/policies/expression.mdx
@@ -42,7 +42,7 @@ ak_message("Access denied")
return False
```
-import Functions from "../../expressions/_functions.md";
+import Functions from "../../expressions/_functions.mdx";
@@ -119,7 +119,7 @@ This includes the following:
- `context['prompt_data']`: Data which has been saved from a prompt stage or an external source. (Optional)
- `context['application']`: The application the user is in the process of authorizing. (Optional)
- `context['source']`: The source the user is authenticating/enrolling with. (Optional)
-- `context['pending_user']`: The currently pending user, see [User](../../users-sources/user/user_ref.md)
+- `context['pending_user']`: The currently pending user, see [User](../../users-sources/user/user_ref.mdx)
- `context['is_restored']`: Contains the flow token when the flow plan was restored from a link, for example the user clicked a link to a flow which was sent by an email stage. (Optional)
- `context['auth_method']`: Authentication method (this value is set by password stages) (Optional)
diff --git a/website/docs/customize/policies/expression/managing_flow_context_keys.md b/website/docs/customize/policies/expression/managing_flow_context_keys.md
index 16a7528026..cb797a4c3a 100644
--- a/website/docs/customize/policies/expression/managing_flow_context_keys.md
+++ b/website/docs/customize/policies/expression/managing_flow_context_keys.md
@@ -2,7 +2,7 @@
title: Managing flow context keys
---
-[Flow context](../../../add-secure-apps/flows-stages/flow/context/index.md) can be managed in [Expression policies](../expression.mdx) via the `context['flow_plan'].context` variable.
+[Flow context](../../../add-secure-apps/flows-stages/flow/context/index.mdx) can be managed in [Expression policies](../expression.mdx) via the `context['flow_plan'].context` variable.
Here's an example of setting a key in an Expression policy:
diff --git a/website/docs/customize/policies/working_with_policies.md b/website/docs/customize/policies/working_with_policies.md
index 662048b0ce..0dcb9d47cc 100644
--- a/website/docs/customize/policies/working_with_policies.md
+++ b/website/docs/customize/policies/working_with_policies.md
@@ -8,7 +8,7 @@ authentik provides several [standard policy types](./index.md#standard-policies)
We also document how to use a policy to [whitelist email domains](./expression/whitelist_email.md) and to [ensure unique email addresses](./expression/unique_email.md).
-To learn more see also [bindings](../../add-secure-apps/flows-stages/bindings/index.md) and how to use the [authentik Wizard to bind policy bindings to the new application](../../add-secure-apps/applications/manage_apps.md#add-new-applications) (for example, to configure application-specific access).
+To learn more see also [bindings](../../add-secure-apps/flows-stages/bindings/index.md) and how to use the [authentik Wizard to bind policy bindings to the new application](../../add-secure-apps/applications/manage_apps.mdx#add-new-applications) (for example, to configure application-specific access).
## Create a policy
diff --git a/website/docs/enterprise/get-started.md b/website/docs/enterprise/get-started.md
index 1e4bc2dd00..c8446d6e6a 100644
--- a/website/docs/enterprise/get-started.md
+++ b/website/docs/enterprise/get-started.md
@@ -15,7 +15,7 @@ If this is a fresh install, refer to our [technical documentation](../install-co
## Access Enterprise
-Access your Enterprise features by first [purchasing a license](./manage-enterprise.md#buy-a-license) for the organization.
+Access your Enterprise features by first [purchasing a license](./manage-enterprise.mdx#buy-a-license) for the organization.
To open the Customer Portal and buy a license, go to the Admin interface and in the left pane, navigate to **Enterprise -> Licenses**, and then click **Go to Customer Portal**.
diff --git a/website/docs/enterprise/index.md b/website/docs/enterprise/index.md
index 7e94b39727..90033bdb86 100644
--- a/website/docs/enterprise/index.md
+++ b/website/docs/enterprise/index.md
@@ -7,7 +7,7 @@ The Enterprise release of authentik provides all of the functionality that we ha
Refer to our Enterprise documentation for information about creating and managing your organization, purchasing and activating a license, support, and managing billing and organization members.
- [Get started with Enterprise](./get-started.md)
-- [Manage your Enterprise account](./manage-enterprise.md)
+- [Manage your Enterprise account](./manage-enterprise.mdx)
- [Support for Enterprise accounts](./entsupport.md)
Our standard technical documentation covers how to configure, customize, and use authentik, whether the open source version that we have built our reputation on or our Enterprise version with dedicated support.
diff --git a/website/docs/enterprise/manage-enterprise.md b/website/docs/enterprise/manage-enterprise.mdx
similarity index 98%
rename from website/docs/enterprise/manage-enterprise.md
rename to website/docs/enterprise/manage-enterprise.mdx
index 8a02774019..88d1ce3e2e 100644
--- a/website/docs/enterprise/manage-enterprise.md
+++ b/website/docs/enterprise/manage-enterprise.mdx
@@ -109,7 +109,7 @@ The following events occur when a license expires or the internal/external user
- Users can authenticate and authorize applications
- Licenses can be modified
- - Users can be modified/deleted authentik 2024.10.5+
+ - Users can be modified/deleted:ak-version[2024.10.5]
After the violation is corrected (either the user count returns to be within the limits of the license or the license is renewed), authentik will return to the standard read-write mode and the notification will disappear.
diff --git a/website/docs/expressions/_functions.md b/website/docs/expressions/_functions.mdx
similarity index 89%
rename from website/docs/expressions/_functions.md
rename to website/docs/expressions/_functions.mdx
index be9fabf509..ad86c3642f 100644
--- a/website/docs/expressions/_functions.md
+++ b/website/docs/expressions/_functions.mdx
@@ -29,7 +29,7 @@ user = list_flatten(["foo"])
# user = "foo"
```
-### `ak_call_policy(name: str, **kwargs) -> PolicyResult` authentik 2021.12+
+### `ak_call_policy(name: str, **kwargs) -> PolicyResult`
Call another policy with the name _name_. Current request is passed to policy. Key-word arguments
can be used to modify the request's context.
@@ -70,7 +70,7 @@ Example:
other_user = ak_user_by(username="other_user")
```
-### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` authentik 2022.9+
+### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool`
Check if a user has any authenticator devices. Only fully validated devices are counted.
@@ -87,7 +87,7 @@ Example:
return ak_user_has_authenticator(request.user)
```
-### `ak_create_event(action: str, **kwargs) -> None` authentik 2022.9+
+### `ak_create_event(action: str, **kwargs) -> None`
Create a new event with the action set to `action`. Any additional key-word parameters will be saved in the event context. Additionally, `context` will be set to the context in which this function is called.
@@ -101,7 +101,7 @@ Example:
ak_create_event("my_custom_event", foo=request.user)
```
-### `ak_create_jwt(user: User, provider: OAuth2Provider | str, scopes: list[str], validity = "seconds=60") -> str | None` authentik 2025.2+
+### `ak_create_jwt(user: User, provider: OAuth2Provider | str, scopes: list[str], validity = "seconds=60") -> str | None`:ak-version[2025.2]
Create a new JWT signed by the given `provider` for `user`.
@@ -136,7 +136,7 @@ ip_address('192.0.2.1') in ip_network('192.0.2.0/24')
# evaluates to True
```
-## DNS resolution and reverse DNS lookups authentik 2023.3+
+## DNS resolution and reverse DNS lookups
To resolve a hostname to a list of IP addresses, use the functions `resolve_dns(hostname)` and `resolve_dns(hostname, ip_version)`.
diff --git a/website/docs/expressions/_user.md b/website/docs/expressions/_user.md
index 5722c8c3c3..1c39a84bc9 100644
--- a/website/docs/expressions/_user.md
+++ b/website/docs/expressions/_user.md
@@ -1,4 +1,4 @@
-- `user`: The current user. This may be `None` if there is no contextual user. See [User](../users-sources/user/user_ref.md#object-properties).
+- `user`: The current user. This may be `None` if there is no contextual user. See [User](../users-sources/user/user_ref.mdx#object-properties).
Example:
diff --git a/website/docs/install-config/automated-install.md b/website/docs/install-config/automated-install.mdx
similarity index 68%
rename from website/docs/install-config/automated-install.md
rename to website/docs/install-config/automated-install.mdx
index 98e2978281..348ea642f4 100644
--- a/website/docs/install-config/automated-install.md
+++ b/website/docs/install-config/automated-install.mdx
@@ -8,30 +8,30 @@ To install authentik automatically (skipping the Out-of-box experience), you can
Configure the default password for the `akadmin` user. Only read on the first startup. Can be used for any flow executor.
-### `AUTHENTIK_BOOTSTRAP_TOKEN` authentik 2021.8+
+### `AUTHENTIK_BOOTSTRAP_TOKEN`
Create a token for the default `akadmin` user. Only read on the first startup. The string you specify for this variable is the token key you can use to authenticate yourself to the API.
-### `AUTHENTIK_BOOTSTRAP_EMAIL` authentik 2023.3+
+### `AUTHENTIK_BOOTSTRAP_EMAIL`
Set the email address for the default `akadmin` user.
## Kubernetes
-In the Helm values, set the `akadmin`user password and token:
+In the Helm values, set the `akadmin` user password and token:
-```text
+```yaml
authentik:
- bootstrap_token: test
- bootstrap_password: test
+ bootstrap_token: test
+ bootstrap_password: test
```
To store the password and token in a secret, use:
-```text
+```yaml
envFrom:
- - secretRef:
- name: _some-secret_
+ - secretRef:
+ name: _some-secret_
```
where _some-secret_ contains the environment variables as in the documentation above.
diff --git a/website/docs/install-config/configuration/configuration.mdx b/website/docs/install-config/configuration/configuration.mdx
index f8cef7a69f..dd8139672d 100644
--- a/website/docs/install-config/configuration/configuration.mdx
+++ b/website/docs/install-config/configuration/configuration.mdx
@@ -82,7 +82,7 @@ To check if your config has been applied correctly, you can run the following co
The PostgreSQL settings `HOST`, `PORT`, `USER`, and `PASSWORD` support hot-reloading. Adding and removing read replicas doesn't support hot-reloading.
-- `AUTHENTIK_POSTGRESQL__DEFAULT_SCHEMA` authentik 2024.12+
+- `AUTHENTIK_POSTGRESQL__DEFAULT_SCHEMA`:ak-version[2024.12]
The name of the schema used by default in the database. Defaults to `public`.
@@ -151,7 +151,7 @@ Additionally, you can set `AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECK` to perform h
- `AUTHENTIK_CACHE__TIMEOUT_REPUTATION`: Timeout for cached reputation until they expire in seconds, defaults to 300
:::info
- `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry-authentik-202382) to control how long reputation is persisted for.
+ `AUTHENTIK_CACHE__TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for.
:::
## Channel Layer Settings (inter-instance communication)
@@ -164,7 +164,7 @@ Additionally, you can set `AUTHENTIK_POSTGRESQL__CONN_HEALTH_CHECK` to perform h
- `AUTHENTIK_BROKER__TRANSPORT_OPTIONS`: Base64-encoded broker transport options
:::info
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry-authentik-202382) to control how long reputation is persisted for.
+ `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` only applies to the cache expiry, see [`AUTHENTIK_REPUTATION__EXPIRY`](#authentik_reputation__expiry) to control how long reputation is persisted for.
:::
## Listen Settings
@@ -327,47 +327,47 @@ Disable the inbuilt update-checker. Defaults to `false`.
- Kubeconfig
- Existence of a docker socket
-### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS` authentik 2023.1+
+### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS`
Timeout in hours for LDAP synchronization tasks.
Defaults to `2`.
-### `AUTHENTIK_LDAP__PAGE_SIZE` authentik 2023.6.1+
+### `AUTHENTIK_LDAP__PAGE_SIZE`
Page size for LDAP synchronization. Controls the number of objects created in a single task.
Defaults to `50`.
-### `AUTHENTIK_LDAP__TLS__CIPHERS` authentik 2022.7+
+### `AUTHENTIK_LDAP__TLS__CIPHERS`
Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources. Setting applies to all sources.
Defaults to `null`.
-### `AUTHENTIK_REPUTATION__EXPIRY` authentik 2023.8.2+
+### `AUTHENTIK_REPUTATION__EXPIRY`
Configure how long reputation scores should be saved for in seconds. Note that this is different than [`AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`](#redis-settings), as reputation is saved to the database every 5 minutes.
Defaults to `86400`.
-### `AUTHENTIK_SESSION_STORAGE` authentik 2024.4+
+### `AUTHENTIK_SESSION_STORAGE`:ak-version[2024.4]
Configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions.
-### `AUTHENTIK_WEB__WORKERS` authentik 2022.9+
+### `AUTHENTIK_WEB__WORKERS`
Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html).
Defaults to 2. A value below 2 workers is not recommended. In environments where scaling with multiple replicas of the authentik server is not possible, this number can be increased to handle higher loads.
-### `AUTHENTIK_WEB__THREADS` authentik 2022.9+
+### `AUTHENTIK_WEB__THREADS`
Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html).
Defaults to 4.
-### `AUTHENTIK_WORKER__CONCURRENCY` authentik 2023.9+
+### `AUTHENTIK_WORKER__CONCURRENCY`
Configure Celery worker concurrency for authentik worker (see https://docs.celeryq.dev/en/latest/userguide/configuration.html#worker-concurrency). This essentially defines the number of worker processes spawned for a single worker.
@@ -383,7 +383,7 @@ Configure the path under which authentik is serverd. For example to access authe
Defaults to `/`.
-## System settings authentik 2024.2+
+## System settings:ak-version[2024.2]
Additional settings are configurable using the Admin interface, under **System** -> **Settings** or using the API.
diff --git a/website/docs/install-config/index.mdx b/website/docs/install-config/index.mdx
index 7a457a127f..ee40c5ae31 100644
--- a/website/docs/install-config/index.mdx
+++ b/website/docs/install-config/index.mdx
@@ -4,7 +4,7 @@ title: Installation and Configuration
Everything you need to get authentik up and running!
-The installation process for our free open source version and our [Enterprise](../enterprise/index.md) version are exactly the same. For information about obtaining an Enterprise license, refer to [License management](../enterprise/manage-enterprise.md#license-management) documentation.
+The installation process for our free open source version and our [Enterprise](../enterprise/index.md) version are exactly the same. For information about obtaining an Enterprise license, refer to [License management](../enterprise/manage-enterprise.mdx#license-management) documentation.
For information about upgrading to a new version, refer to the Upgrade section in the relevant [Release Notes](../releases) and to our [Upgrade authentik](./upgrade.mdx) documentation.
diff --git a/website/docs/releases/2022/v2022.3.md b/website/docs/releases/2022/v2022.3.md
index 825c9605dd..157dd01f13 100644
--- a/website/docs/releases/2022/v2022.3.md
+++ b/website/docs/releases/2022/v2022.3.md
@@ -11,7 +11,7 @@ User settings are now configured using flows and stages, allowing administrators
### `client_credentials` support
-authentik now supports the OAuth `client_credentials` grant for machine-to-machine authentication. See [OAuth2 Provider](../../add-secure-apps/providers/oauth2/index.md)
+authentik now supports the OAuth `client_credentials` grant for machine-to-machine authentication. See [OAuth2 Provider](../../add-secure-apps/providers/oauth2/index.mdx)
## Deprecations
diff --git a/website/docs/releases/2022/v2022.5.md b/website/docs/releases/2022/v2022.5.md
index 2db311012c..66749cbad6 100644
--- a/website/docs/releases/2022/v2022.5.md
+++ b/website/docs/releases/2022/v2022.5.md
@@ -24,7 +24,7 @@ slug: "/releases/2022.5"
- OAuth2: Add support for `form_post` response mode
- Don't prompt users for MFA when they've authenticated themselves within a time period
- You can now configure any [Authenticator Validation Stage](../../add-secure-apps/flows-stages/stages/authenticator_validate/index.md) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`.
+ You can now configure any [Authenticator Validation Stage](../../add-secure-apps/flows-stages/stages/authenticator_validate/index.mdx) stage to not ask for MFA validation if the user has previously authenticated themselves with an MFA device (of any of the selected classes) in the `Last validation threshold`.
- Optimise bundling of web assets
diff --git a/website/docs/releases/2022/v2022.8.md b/website/docs/releases/2022/v2022.8.md
index 9ef9163a3d..9cb4dfa598 100644
--- a/website/docs/releases/2022/v2022.8.md
+++ b/website/docs/releases/2022/v2022.8.md
@@ -13,7 +13,7 @@ slug: "/releases/2022.8"
- Blueprints
- Blueprints allow for the configuration, automation and templating of authentik objects and configurations. They can be used to bootstrap new instances, configure them automatically without external tools, and to template configurations for sharing. See more [here](../../customize/blueprints/index.md).
+ Blueprints allow for the configuration, automation and templating of authentik objects and configurations. They can be used to bootstrap new instances, configure them automatically without external tools, and to template configurations for sharing. See more [here](../../customize/blueprints/index.mdx).
For installations upgrading to 2022.8, if a single flow exists, then the default blueprints will not be activated, to not overwrite user modifications.
diff --git a/website/docs/releases/2022/v2022.9.md b/website/docs/releases/2022/v2022.9.md
index bdac30c7d0..ebb85cdb13 100644
--- a/website/docs/releases/2022/v2022.9.md
+++ b/website/docs/releases/2022/v2022.9.md
@@ -5,7 +5,7 @@ slug: "/releases/2022.9"
## Breaking changes
-- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../../install-config/configuration/configuration.mdx#authentik_web__workers-authentik-20229)
+- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../../install-config/configuration/configuration.mdx#authentik_web__workers)
## New features
@@ -15,7 +15,7 @@ slug: "/releases/2022.9"
- Duo Admin API integration
- When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../../add-secure-apps/flows-stages/stages/authenticator_duo/index.md).
+ When using a Duo MFA, Duo Access or Duo Beyond plan, authentik can now automatically import devices from Duo into authentik. More info [here](../../add-secure-apps/flows-stages/stages/authenticator_duo/index.mdx).
## API Changes
diff --git a/website/docs/releases/2023/v2023.1.md b/website/docs/releases/2023/v2023.1.md
index d35b8597bf..e0549da8eb 100644
--- a/website/docs/releases/2023/v2023.1.md
+++ b/website/docs/releases/2023/v2023.1.md
@@ -17,7 +17,7 @@ slug: "/releases/2023.1"
- Proxy provider now accepts HTTP Basic and Bearer authentication
- See [Header authentication](../../add-secure-apps/providers/proxy/header_authentication.md).
+ See [Header authentication](../../add-secure-apps/providers/proxy/header_authentication.mdx).
- LDAP provider now works with Code-based MFA stages
diff --git a/website/docs/releases/2024/v2024.12.md b/website/docs/releases/2024/v2024.12.md
index 3e9aa7199b..a5929c67e0 100644
--- a/website/docs/releases/2024/v2024.12.md
+++ b/website/docs/releases/2024/v2024.12.md
@@ -46,7 +46,7 @@ slug: "/releases/2024.12"
- **OAuth2 provider federation**
- Configure [OAuth2 provider federation](../../add-secure-apps/providers/oauth2/client_credentials.md#authentik-issued-jwts-authentik-202412) to allow exchanging authentication tokens between multiple providers.
+ Configure [OAuth2 provider federation](../../add-secure-apps/providers/oauth2/client_credentials.mdx#authentik-issued-jwts) to allow exchanging authentication tokens between multiple providers.
- **Silent authorization flow**
diff --git a/website/docs/releases/2024/v2024.4.md b/website/docs/releases/2024/v2024.4.md
index 106e46c1bd..ad06d6269f 100644
--- a/website/docs/releases/2024/v2024.4.md
+++ b/website/docs/releases/2024/v2024.4.md
@@ -43,7 +43,7 @@ slug: /releases/2024.4
Configure which types of WebAuthn devices can be used to enroll and validate for different authorization levels.
- For details refer to [WebAuthn authenticator setup stage](../../add-secure-apps/flows-stages/stages/authenticator_webauthn/index.md)
+ For details refer to [WebAuthn authenticator setup stage](../../add-secure-apps/flows-stages/stages/authenticator_webauthn/index.mdx)
- **Revamped UI for log messages**
diff --git a/website/docs/releases/old/v0.10.md b/website/docs/releases/old/v0.10.md
index 56d05efeab..47be7f9b18 100644
--- a/website/docs/releases/old/v0.10.md
+++ b/website/docs/releases/old/v0.10.md
@@ -73,4 +73,4 @@ This upgrade only applies if you are upgrading from a running 0.9 instance. auth
Because this upgrade brings the new OAuth2 Provider, the old providers will be lost in the process. Make sure to take note of the providers you want to bring over.
-Another side-effect of this upgrade is the change of OAuth2 URLs, see [here](../../add-secure-apps/providers/oauth2/index.md).
+Another side-effect of this upgrade is the change of OAuth2 URLs, see [here](../../add-secure-apps/providers/oauth2/index.mdx).
diff --git a/website/docs/security/security-hardening.md b/website/docs/security/security-hardening.md
index f79e9af6b1..65099b736e 100644
--- a/website/docs/security/security-hardening.md
+++ b/website/docs/security/security-hardening.md
@@ -25,7 +25,7 @@ However, for further hardening, it is possible to prevent any user (even super-u
- `/api/v3/propertymappings*`
- `/api/v3/managed/blueprints*`
-With these restrictions in place, expressions can only be edited using [Blueprints on the file system](../customize/blueprints/index.md#storage---file). Take care to restrict access to the file system itself.
+With these restrictions in place, expressions can only be edited using [Blueprints on the file system](../customize/blueprints/index.mdx#storage---file). Take care to restrict access to the file system itself.
### Blueprints
@@ -35,7 +35,7 @@ To prevent any user from creating/editing blueprints, block API requests to this
- `/api/v3/managed/blueprints*`
-With these restrictions in place, Blueprints can only be edited via [the file system](../customize/blueprints/index.md#storage---file).
+With these restrictions in place, Blueprints can only be edited via [the file system](../customize/blueprints/index.mdx#storage---file).
### CAPTCHA Stage
@@ -46,7 +46,7 @@ To prevent any user from creating/editing CAPTCHA stages block API requests to t
- `/api/v3/stages/captcha*`
- `/api/v3/managed/blueprints*`
-With these restrictions in place, CAPTCHA stages can only be edited using [Blueprints on the file system](../customize/blueprints/index.md#storage---file).
+With these restrictions in place, CAPTCHA stages can only be edited using [Blueprints on the file system](../customize/blueprints/index.mdx#storage---file).
### Content Security Policy (CSP)
diff --git a/website/docs/sys-mgmt/tenancy.md b/website/docs/sys-mgmt/tenancy.md
index f101fca9c0..d874b0f47f 100644
--- a/website/docs/sys-mgmt/tenancy.md
+++ b/website/docs/sys-mgmt/tenancy.md
@@ -1,9 +1,6 @@
---
title: Tenancy
----
-
-Enterprise
-
+authentik_enterprise: true
---
::::warning
@@ -32,7 +29,7 @@ For each additional tenant (beyond the default one), one or more licenses is req
A single tenant and its corresponding installation can have multiple license keys. For example, a company might purchase one license for 50 users, and then later in the same year need to buy another license for 50 more users, due to company growth. Both licenses are associated to the one installation, the one tenant.
-Learn more in our documentation about [Enterprise licenses](../enterprise/manage-enterprise.md#license-management).
+Learn more in our documentation about [Enterprise licenses](../enterprise/manage-enterprise.mdx#license-management).
### Important considerations
diff --git a/website/docs/users-sources/groups/group_ref.md b/website/docs/users-sources/groups/group_ref.md
index 28da0610eb..f75dad609f 100644
--- a/website/docs/users-sources/groups/group_ref.md
+++ b/website/docs/users-sources/groups/group_ref.md
@@ -13,4 +13,4 @@ The Group object has the following properties:
## Attributes
-See [the user reference](../user/user_ref.md#attributes) for well-known attributes.
+See [the user reference](../user/user_ref.mdx#attributes) for well-known attributes.
diff --git a/website/docs/users-sources/groups/index.mdx b/website/docs/users-sources/groups/index.mdx
index 6764bfc9cb..fb6c659358 100644
--- a/website/docs/users-sources/groups/index.mdx
+++ b/website/docs/users-sources/groups/index.mdx
@@ -3,7 +3,7 @@ title: About groups
description: Learn about groups in authentik
---
-For information about creating and editing groups refer to [Manage groups](./manage_groups.md).
+For information about creating and editing groups refer to [Manage groups](./manage_groups.mdx).
## Hierarchy
diff --git a/website/docs/users-sources/groups/manage_groups.md b/website/docs/users-sources/groups/manage_groups.mdx
similarity index 96%
rename from website/docs/users-sources/groups/manage_groups.md
rename to website/docs/users-sources/groups/manage_groups.mdx
index deae5e9879..6097d177b8 100644
--- a/website/docs/users-sources/groups/manage_groups.md
+++ b/website/docs/users-sources/groups/manage_groups.mdx
@@ -43,7 +43,7 @@ To delete a group, follow these steps:
You can assign a role to a group, and then all users in the group inherit the permissions assigned to that role. For instructions and more information, see [Assign a role to a group](../roles/manage_roles.md#assign-a-role-to-a-group).
-## Delegating group member management authentik 2024.4+
+## Delegating group member management:ak-version[2024.4]
To give a specific Role or User the ability to manage group members, the following permissions need to be granted on the matching Group object:
diff --git a/website/docs/users-sources/sources/directory-sync/active-directory/index.md b/website/docs/users-sources/sources/directory-sync/active-directory/index.md
index 3b688df624..6b10fdfc10 100644
--- a/website/docs/users-sources/sources/directory-sync/active-directory/index.md
+++ b/website/docs/users-sources/sources/directory-sync/active-directory/index.md
@@ -1,9 +1,8 @@
---
title: Active Directory
+support_level: community
---
-Support level: Community
-
## Preparation
The following placeholders are used in this guide:
diff --git a/website/docs/users-sources/sources/directory-sync/freeipa/index.md b/website/docs/users-sources/sources/directory-sync/freeipa/index.md
index f4cc400c72..b0e939b22b 100644
--- a/website/docs/users-sources/sources/directory-sync/freeipa/index.md
+++ b/website/docs/users-sources/sources/directory-sync/freeipa/index.md
@@ -1,9 +1,8 @@
---
title: FreeIPA
+support_level: community
---
-Support level: Community
-
## Preparation
The following placeholders are used in this guide:
diff --git a/website/docs/users-sources/sources/index.md b/website/docs/users-sources/sources/index.md
index bdf44ba72b..0ca0848205 100644
--- a/website/docs/users-sources/sources/index.md
+++ b/website/docs/users-sources/sources/index.md
@@ -8,7 +8,7 @@ Sources allow you to connect authentik to an external user directory. Sources ca
Sources are in the following general categories:
-- **Protocols** ([Kerberos](./protocols/kerberos/index.md), [LDAP](./protocols/ldap/index.md), [OAuth](./protocols/oauth/index.md), [SAML](./protocols/saml/index.md), and [SCIM](./protocols/scim/index.md))
+- **Protocols** ([Kerberos](./protocols/kerberos/index.md), [LDAP](./protocols/ldap/index.md), [OAuth](./protocols/oauth/index.mdx), [SAML](./protocols/saml/index.md), and [SCIM](./protocols/scim/index.md))
- [**Property mappings**](./property-mappings/index.md) or how to import data from a source
- **Directory synchronization** (Active Directory, FreeIPA)
- **Social logins** (Apple, Discord, Twitch, Twitter, and many others)
diff --git a/website/docs/users-sources/sources/property-mappings/expressions.md b/website/docs/users-sources/sources/property-mappings/expressions.md
index a36f8effee..ecee21cd4b 100644
--- a/website/docs/users-sources/sources/property-mappings/expressions.md
+++ b/website/docs/users-sources/sources/property-mappings/expressions.md
@@ -16,6 +16,6 @@ import Objects from "../../../expressions/\_objects.md";
## Available Functions
-import Functions from "../../../expressions/\_functions.md";
+import Functions from "../../../expressions/\_functions.mdx";
diff --git a/website/docs/users-sources/sources/property-mappings/index.md b/website/docs/users-sources/sources/property-mappings/index.md
index fc55914001..cc92746733 100644
--- a/website/docs/users-sources/sources/property-mappings/index.md
+++ b/website/docs/users-sources/sources/property-mappings/index.md
@@ -8,7 +8,7 @@ This page is an overview of how property mappings work. For information about sp
- [Kerberos](../protocols/kerberos/#kerberos-source-property-mappings)
- [LDAP](../protocols/ldap/index.md#ldap-source-property-mappings)
-- [OAuth](../protocols/oauth/index.md#oauth-source-property-mappings)
+- [OAuth](../protocols/oauth/index.mdx#oauth-source-property-mappings)
- [SAML](../protocols/saml/index.md#saml-source-property-mappings)
- [SCIM](../protocols/scim/index.md#scim-source-property-mappings)
@@ -36,7 +36,7 @@ return {
}
```
-You can see that the expression returns a Python dictionary. The dictionary keys must match [User properties](../../user/user_ref.md#object-properties) or [Group properties](../../groups/group_ref.md#object-properties). Note that for users, `ak_groups` and `group_attributes` cannot be set.
+You can see that the expression returns a Python dictionary. The dictionary keys must match [User properties](../../user/user_ref.mdx#object-properties) or [Group properties](../../groups/group_ref.md#object-properties). Note that for users, `ak_groups` and `group_attributes` cannot be set.
See each source documentation for a reference of the available data. See the authentik [expressions documentation](./expressions.md) for available data and functions.
diff --git a/website/docs/users-sources/sources/protocols/kerberos/index.md b/website/docs/users-sources/sources/protocols/kerberos/index.md
index 62baf6d02b..8baed048a4 100644
--- a/website/docs/users-sources/sources/protocols/kerberos/index.md
+++ b/website/docs/users-sources/sources/protocols/kerberos/index.md
@@ -1,10 +1,7 @@
---
title: Kerberos
----
-
-Preview
-authentik 2024.10+
-
+authentik_preview: true
+authentik_version: "2024.10"
---
This source allows users to enroll themselves with an existing Kerberos identity.
diff --git a/website/docs/users-sources/sources/protocols/oauth/index.md b/website/docs/users-sources/sources/protocols/oauth/index.mdx
similarity index 97%
rename from website/docs/users-sources/sources/protocols/oauth/index.md
rename to website/docs/users-sources/sources/protocols/oauth/index.mdx
index a4cd161111..fb0aabacc3 100644
--- a/website/docs/users-sources/sources/protocols/oauth/index.md
+++ b/website/docs/users-sources/sources/protocols/oauth/index.mdx
@@ -14,7 +14,7 @@ This source allows users to enroll themselves with an external OAuth-based Ident
Starting with authentik 2022.10, the default scopes can be replaced by prefix the value for scopes with `*`.
-### OpenID Connect authentik 2022.6+
+### OpenID Connect
#### Well-known
diff --git a/website/docs/users-sources/sources/social-logins/apple/index.md b/website/docs/users-sources/sources/social-logins/apple/index.md
index fa1ed57a5c..59bd2116f1 100644
--- a/website/docs/users-sources/sources/social-logins/apple/index.md
+++ b/website/docs/users-sources/sources/social-logins/apple/index.md
@@ -1,9 +1,8 @@
---
title: Apple
+support_level: authentik
---
-Support level: authentik
-
Allows users to authenticate using their Apple ID.
## Preparation
diff --git a/website/docs/users-sources/sources/social-logins/azure-ad/index.md b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx
similarity index 95%
rename from website/docs/users-sources/sources/social-logins/azure-ad/index.md
rename to website/docs/users-sources/sources/social-logins/azure-ad/index.mdx
index 7ff92458ca..161dbc21c9 100644
--- a/website/docs/users-sources/sources/social-logins/azure-ad/index.md
+++ b/website/docs/users-sources/sources/social-logins/azure-ad/index.mdx
@@ -1,9 +1,8 @@
---
title: Azure AD
+support_level: community
---
-Support level: Community
-
## Preparation
The following placeholders are used in this guide:
@@ -112,9 +111,9 @@ return True
Try to login with a **_new_** user. You should see no prompts and the user should have the correct information.
-### Machine-to-machine authentication authentik 2024.12+
+### Machine-to-machine authentication:ak-version[2024.12]
-If using [Machine-to-Machine](../../../../add-secure-apps/providers/oauth2/client_credentials.md#jwt-authentication) authentication, some specific steps need to be considered.
+If using [Machine-to-Machine](../../../../add-secure-apps/providers/oauth2/client_credentials.mdx#jwt-authentication) authentication, some specific steps need to be considered.
When getting the JWT token from Azure AD, set the scope to the Application ID URI, and _not_ the Graph URL; otherwise the JWT will be in an invalid format.
diff --git a/website/docs/users-sources/sources/social-logins/discord/index.md b/website/docs/users-sources/sources/social-logins/discord/index.md
index dab8fdd60d..3cf5727495 100644
--- a/website/docs/users-sources/sources/social-logins/discord/index.md
+++ b/website/docs/users-sources/sources/social-logins/discord/index.md
@@ -1,9 +1,8 @@
---
title: Discord
+support_level: authentik
---
-Support level: authentik
-
Allows users to authenticate using their Discord credentials
## Preparation
@@ -162,13 +161,13 @@ Ensure that the Discord OAuth source in **Federation & Social login** has the ad
:::
:::info
-Any authentik role that you want to sync with a Discord role needs to have the **attribute** `discord_role_id` with a value of the Discord role's ID set.
-This setting can be found under `Authentik > Admin Interface > Directory > Groups > YOUR_GROUP > Attributes`
+Any authentik role that you want to sync with a Discord role needs to have the **attribute** `discord_role_id` with a value of the Discord role's ID set.
+This setting can be found under `Authentik > Admin Interface > Directory > Groups > YOUR_GROUP > Attributes`
Example: `discord_role_id: ""`
:::
-The following two policies allow you to synchronize roles in a Discord guild with roles in authentik.
-Whenever a user enrolls or signs in to authentik via a Discord source, these policies will check the user's Discord roles and apply the user's authentik roles accordingly.
+The following two policies allow you to synchronize roles in a Discord guild with roles in authentik.
+Whenever a user enrolls or signs in to authentik via a Discord source, these policies will check the user's Discord roles and apply the user's authentik roles accordingly.
All roles with the attribute `discord_role_id` defined will be added or removed depending on whether the user is a member of the defined Discord role.
Create a new **Expression Policy** with the content below, adjusting the variables where required.
diff --git a/website/docs/users-sources/sources/social-logins/facebook/index.md b/website/docs/users-sources/sources/social-logins/facebook/index.md
index b70af06979..738db0cb4e 100644
--- a/website/docs/users-sources/sources/social-logins/facebook/index.md
+++ b/website/docs/users-sources/sources/social-logins/facebook/index.md
@@ -1,9 +1,8 @@
---
title: Facebook
+support_level: community
---
-Support level: Community
-
Adding Facebook as a source allows users to authenticate through authentik using their Facebook credentials.
## Preparation
diff --git a/website/docs/users-sources/sources/social-logins/github/index.md b/website/docs/users-sources/sources/social-logins/github/index.mdx
similarity index 94%
rename from website/docs/users-sources/sources/social-logins/github/index.md
rename to website/docs/users-sources/sources/social-logins/github/index.mdx
index be7961a5dd..bdcc4950ef 100644
--- a/website/docs/users-sources/sources/social-logins/github/index.md
+++ b/website/docs/users-sources/sources/social-logins/github/index.mdx
@@ -1,9 +1,8 @@
---
title: Github
+support_level: authentik
---
-Support level: authentik
-
Allows users to authenticate using their Github credentials
## Preparation
@@ -50,7 +49,7 @@ Save, and you now have Github as a source.
For more details on how-to have the new source display on the Login Page see [here](../../index.md#add-sources-to-default-login-page).
:::
-### Checking for membership of a GitHub Organisation authentik 2021.12.5.+
+### Checking for membership of a GitHub Organisation
To check if the user is member of an organisation, you can use the following policy on your flows:
diff --git a/website/docs/users-sources/sources/social-logins/google/cloud/index.md b/website/docs/users-sources/sources/social-logins/google/cloud/index.md
index a364d961af..d0b00d5ced 100644
--- a/website/docs/users-sources/sources/social-logins/google/cloud/index.md
+++ b/website/docs/users-sources/sources/social-logins/google/cloud/index.md
@@ -2,10 +2,9 @@
title: Google Cloud (with OAuth)
sidebar_label: Google Cloud (OAuth)
tags: [integration, oauth, google]
+support_level: community
---
-Support level: Community
-
Allows users to authenticate using their Google credentials
## Preparation
diff --git a/website/docs/users-sources/sources/social-logins/google/workspace/index.md b/website/docs/users-sources/sources/social-logins/google/workspace/index.md
index fffacfb43f..4dd71838ee 100644
--- a/website/docs/users-sources/sources/social-logins/google/workspace/index.md
+++ b/website/docs/users-sources/sources/social-logins/google/workspace/index.md
@@ -2,10 +2,9 @@
title: Google Workspace (with SAML)
sidebar_label: Google Workspace (SAML)
tags: [integration, saml, google]
+support_level: authentik
---
-Support level: authentik
-
This topic covers configuring authentik to authenticate users with their Google Workspace credentials.
## What is Google Workspace?
diff --git a/website/docs/users-sources/sources/social-logins/mailcow/index.md b/website/docs/users-sources/sources/social-logins/mailcow/index.md
index 13bb091cb3..b1f1b5a229 100644
--- a/website/docs/users-sources/sources/social-logins/mailcow/index.md
+++ b/website/docs/users-sources/sources/social-logins/mailcow/index.md
@@ -1,9 +1,8 @@
---
title: Mailcow
+support_level: community
---
-Support level: Community
-
Allows users to authenticate using their Mailcow credentials
## Preparation
diff --git a/website/docs/users-sources/sources/social-logins/plex/index.md b/website/docs/users-sources/sources/social-logins/plex/index.md
index eec22120c1..2f3fc53a4b 100644
--- a/website/docs/users-sources/sources/social-logins/plex/index.md
+++ b/website/docs/users-sources/sources/social-logins/plex/index.md
@@ -1,9 +1,8 @@
---
title: Plex
+support_level: community
---
-Support level: Community
-
Allows users to authenticate using their Plex credentials
## Preparation
diff --git a/website/docs/users-sources/sources/social-logins/twitch/index.md b/website/docs/users-sources/sources/social-logins/twitch/index.md
index 766909b9f9..a801f8d18c 100644
--- a/website/docs/users-sources/sources/social-logins/twitch/index.md
+++ b/website/docs/users-sources/sources/social-logins/twitch/index.md
@@ -1,9 +1,8 @@
---
title: Twitch
+support_level: community
---
-Support level: Community
-
Allows users to authenticate using their Twitch credentials
## Preparation
diff --git a/website/docs/users-sources/sources/social-logins/twitter/index.md b/website/docs/users-sources/sources/social-logins/twitter/index.md
index 351fa524d0..afb6392d15 100644
--- a/website/docs/users-sources/sources/social-logins/twitter/index.md
+++ b/website/docs/users-sources/sources/social-logins/twitter/index.md
@@ -1,9 +1,8 @@
---
title: Twitter
+support_level: authentik
---
-Support level: authentik
-
Allows users to authenticate using their twitter credentials
## Preparation
diff --git a/website/docs/users-sources/user/index.mdx b/website/docs/users-sources/user/index.mdx
index 6af90501bd..25915ae524 100644
--- a/website/docs/users-sources/user/index.mdx
+++ b/website/docs/users-sources/user/index.mdx
@@ -6,7 +6,7 @@ import DocCardList from "@theme/DocCardList";
In authentik you can create and manage users with fine-tuned access control, session and event details, group membership, super-user rights, impersonation, and password management and recovery.
-To learn more about Enterprise licenses with internal and external users, refer to our [Enterprise documentation](../../enterprise/manage-enterprise.md#about-users-and-licenses).
+To learn more about Enterprise licenses with internal and external users, refer to our [Enterprise documentation](../../enterprise/manage-enterprise.mdx#about-users-and-licenses).
To learn more about working with users in authentik, refer to the following topics:
diff --git a/website/docs/users-sources/user/user_basic_operations.md b/website/docs/users-sources/user/user_basic_operations.md
index 5cec096d9a..cbe31c0a9c 100644
--- a/website/docs/users-sources/user/user_basic_operations.md
+++ b/website/docs/users-sources/user/user_basic_operations.md
@@ -30,7 +30,7 @@ The following topics are for the basic management of users: how to create, modif
You should see a confirmation pop-up on the top-right of the screen that the user has been created, and see the new user in the user list. You can directly click the username if you want to [modify your user](./user_basic_operations#modify-a-user).
:::info
-To create a super-user, you need to add the user to a group that has super-user permissions. For more information, refer to [Create a Group](../groups/manage_groups.md#create-a-group).
+To create a super-user, you need to add the user to a group that has super-user permissions. For more information, refer to [Create a Group](../groups/manage_groups.mdx#create-a-group).
:::
### View user details
@@ -48,7 +48,7 @@ To view details about a specific user:
- **Session** shows the active sessions established by the user. If there is any need, you can clean up the connected devices for a user by selecting the device(s) and then clicking **Delete**. This forces the user to authenticate again on the deleted devices.
- **Groups** allows you to manage the group membership of the user. You can find more details on [groups](../groups/index.mdx).
- **User events** displays all the events generated by the user during a session, such as login, logout, application authorisation, password reset, user info update, etc.
-- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../add-secure-apps/providers/oauth2/index.md). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application.
+- **Explicit consent** lists all the permissions the user has given explicitly to an application. Entries will only appear if the user is validating an [explicit consent flow in an OAuth2 provider](../../add-secure-apps/providers/oauth2/index.mdx). If you want to delete the explicit consent (because the application is requiring new permissions, or the user has explicitly asked to reset his consent on third-party apps), select the applications and click **Delete**. The user will be asked to again give explicit consent to share information with the application.
- **OAuth Refresh Tokens** lists all the OAuth tokens currently distributed. You can remove the tokens by selecting the applications and then clicking **Delete**.
- **MFA Authenticators** shows all the authentications that the user has registered to their user profile. You can remove the tokens if the user has lost their authenticator and want to enroll a new one.
diff --git a/website/docs/users-sources/user/user_ref.md b/website/docs/users-sources/user/user_ref.mdx
similarity index 96%
rename from website/docs/users-sources/user/user_ref.md
rename to website/docs/users-sources/user/user_ref.mdx
index 288e4c5c06..b75d0bff2f 100644
--- a/website/docs/users-sources/user/user_ref.md
+++ b/website/docs/users-sources/user/user_ref.mdx
@@ -14,7 +14,7 @@ The User object has the following properties:
- `is_active` Boolean field if user is active.
- `date_joined` Date user joined/was created.
- `password_change_date` Date password was last changed.
-- `path` User's path, see [Path](#path-authentik-20227)
+- `path` User's path, see [Path](#path)
- `attributes` Dynamic attributes, see [Attributes](#attributes)
- `group_attributes()` Merged attributes of all groups the user is member of and the user's own attributes.
- `ak_groups` This is a queryset of all the user's groups.
@@ -42,7 +42,7 @@ for group in user.ak_groups.all():
yield group.name
```
-## Path authentik 2022.7+
+## Path
Paths can be used to organize users into folders depending on which source created them or organizational structure. Paths may not start or end with a slash, but they can contain any other character as path segments. The paths are currently purely used for organization, it does not affect their permissions, group memberships, or anything else.
diff --git a/website/docusaurus.config.ts b/website/docusaurus.config.ts
index 572e429b1d..211863233d 100644
--- a/website/docusaurus.config.ts
+++ b/website/docusaurus.config.ts
@@ -2,10 +2,14 @@ import type { Config } from "@docusaurus/types";
import type * as Preset from "@docusaurus/preset-classic";
import { themes as prismThemes } from "prism-react-renderer";
import type * as OpenApiPlugin from "docusaurus-plugin-openapi-docs";
+import remarkGithub, { BuildUrlValues } from "remark-github";
+import { defaultBuildUrl } from "remark-github";
+import remarkDirective from "remark-directive";
+import remarkVersionDirective from "./remark/version-directive";
+import remarkPreviewDirective from "./remark/preview-directive";
+import remarkSupportDirective from "./remark/support-directive";
-module.exports = async function (): Promise {
- const remarkGithub = (await import("remark-github")).default;
- const defaultBuildUrl = (await import("remark-github")).defaultBuildUrl;
+const createConfig = (): Config => {
return {
title: "authentik",
tagline: "Bring all of your authentication into a unified platform.",
@@ -80,7 +84,15 @@ module.exports = async function (): Promise {
prism: {
theme: prismThemes.oneLight,
darkTheme: prismThemes.oneDark,
- additionalLanguages: ["python", "diff", "json", "http"],
+ additionalLanguages: [
+ // ---
+ "apacheconf",
+ "diff",
+ "http",
+ "json",
+ "nginx",
+ "python",
+ ],
},
},
presets: [
@@ -93,13 +105,19 @@ module.exports = async function (): Promise {
editUrl:
"https://github.com/goauthentik/authentik/edit/main/website/",
docItemComponent: "@theme/ApiItem",
+ beforeDefaultRemarkPlugins: [
+ remarkDirective,
+ remarkVersionDirective,
+ remarkPreviewDirective,
+ remarkSupportDirective,
+ ],
remarkPlugins: [
[
remarkGithub,
{
repository: "goauthentik/authentik",
// Only replace issues and PR links
- buildUrl: function (values) {
+ buildUrl: (values: BuildUrlValues) => {
return values.type === "issue" ||
values.type === "mention"
? defaultBuildUrl(values)
@@ -151,3 +169,5 @@ module.exports = async function (): Promise {
themes: ["@docusaurus/theme-mermaid", "docusaurus-theme-openapi-docs"],
};
};
+
+module.exports = createConfig;
diff --git a/website/integrations/services/actual-budget/index.mdx b/website/integrations/services/actual-budget/index.mdx
index 0180ff4d15..48d2dc10dd 100644
--- a/website/integrations/services/actual-budget/index.mdx
+++ b/website/integrations/services/actual-budget/index.mdx
@@ -1,12 +1,9 @@
---
title: Integrate with Actual Budget
sidebar_label: Actual Budget
+support_level: community
---
-# Integrate With Actual Budget
-
-Support level: Community
-
## What is Actual Budget
> Actual Budget is a web-based financial management software. It helps users track and manage their income, expenses, and budgets in real time.
diff --git a/website/integrations/services/adventurelog/index.md b/website/integrations/services/adventurelog/index.md
index 50cfa5193c..0d1c8af550 100644
--- a/website/integrations/services/adventurelog/index.md
+++ b/website/integrations/services/adventurelog/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with AdventureLog
sidebar_label: AdventureLog
+support_level: community
---
-# Integrate with AdventureLog
-
-Support level: Community
-
## What is AdventureLog
> AdventureLog is a self-hosted travel tracker and trip planner. AdventureLog is the ultimate travel companion for the modern-day explorer.
diff --git a/website/integrations/services/apache-guacamole/index.mdx b/website/integrations/services/apache-guacamole/index.mdx
index cd0c27bed5..e47963488b 100644
--- a/website/integrations/services/apache-guacamole/index.mdx
+++ b/website/integrations/services/apache-guacamole/index.mdx
@@ -1,12 +1,9 @@
---
title: Integrate with Apache Guacamole™
sidebar_label: Apache Guacamole™
+support_level: authentik
---
-# Integrate with Apache Guacamole™
-
-Support level: authentik
-
## What is Apache Guacamole™
> Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
diff --git a/website/integrations/services/argocd/index.md b/website/integrations/services/argocd/index.md
index 26935541ad..79d92545b5 100644
--- a/website/integrations/services/argocd/index.md
+++ b/website/integrations/services/argocd/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with ArgoCD
sidebar_label: ArgoCD
+support_level: community
---
-# Integrate with ArgoCD
-
-Support level: Community
-
## What is ArgoCD
> Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
diff --git a/website/integrations/services/aruba-orchestrator/index.md b/website/integrations/services/aruba-orchestrator/index.md
index 6973d6296e..bd8fae0bf1 100644
--- a/website/integrations/services/aruba-orchestrator/index.md
+++ b/website/integrations/services/aruba-orchestrator/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Aruba Orchestrator
sidebar_label: Aruba Orchestrator
+support_level: community
---
-# Integrate with Aruba Orchestrator
-
-Support level: Community
-
## What is Aruba Orchestrator
> Aruba Orchestrator is a network management platform used to centrally manage, configure, monitor, and automate Aruba network devices and services. It provides tools for network visibility, policy management, and performance monitoring, simplifying the administration of complex and distributed network environments.
diff --git a/website/integrations/services/aws/index.md b/website/integrations/services/aws/index.md
index 4b5f9bd9de..198549ba51 100644
--- a/website/integrations/services/aws/index.md
+++ b/website/integrations/services/aws/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Amazon Web Services
sidebar_label: Amazon Web Services
+support_level: authentik
---
-# Integrate with Amazon Web Services
-
-Support level: authentik
-
## What is AWS
> Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud, with more than 200 fully featured services available from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, increase security, become more agile, and innovate faster.
diff --git a/website/integrations/services/awx-tower/index.md b/website/integrations/services/awx-tower/index.md
index bbbbe6183c..d3078f7b40 100644
--- a/website/integrations/services/awx-tower/index.md
+++ b/website/integrations/services/awx-tower/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Red Hat Ansible Automation Platform / AWX
sidebar_label: Red Hat Ansible Automation Platform / AWX
+support_level: community
---
-# Integrate with Red Hat Ansible Automation Platform / AWX
-
-
-
## What is Tower
From
diff --git a/website/integrations/services/bookstack/index.md b/website/integrations/services/bookstack/index.md
index c71b698a25..9472632178 100644
--- a/website/integrations/services/bookstack/index.md
+++ b/website/integrations/services/bookstack/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Bookstack
sidebar_label: Bookstack
+support_level: community
---
-# Integrate with Bookstack
-
-Support level: Community
-
## What is Bookstack
> BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information. BookStack is multilingual and available in over thirty languages. For the simplicity, BookStack is considered as suitable for smaller businesses or freelancers.
diff --git a/website/integrations/services/budibase/index.md b/website/integrations/services/budibase/index.md
index d84aa72fdb..f50c21d83e 100644
--- a/website/integrations/services/budibase/index.md
+++ b/website/integrations/services/budibase/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Budibase
sidebar_label: Budibase
+support_level: community
---
-# Integrate with Budibase
-
-Support level: Community
-
## What is Budibase
> Budibase is an open source low-code platform, and the easiest way to build internal tools that improve productivity.
diff --git a/website/integrations/services/chronograf/index.md b/website/integrations/services/chronograf/index.md
index 66e26898b2..7e78154eef 100644
--- a/website/integrations/services/chronograf/index.md
+++ b/website/integrations/services/chronograf/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Chronograf
sidebar_label: Chronograf
+support_level: community
---
-# Integrate with Chronograf
-
-Support level: Community
-
## What is Chronograf
> Chronograf lets you quickly visualize the data stored in InfluxDB, enabling you to build robust queries and alerts. It is simple to use and comes with templates and libraries for rapidly creating dashboards with real-time data visualizations.
diff --git a/website/integrations/services/cloudflare-access/index.md b/website/integrations/services/cloudflare-access/index.md
index 2678ed61f7..96aa048ddc 100644
--- a/website/integrations/services/cloudflare-access/index.md
+++ b/website/integrations/services/cloudflare-access/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Cloudflare Access
sidebar_label: Cloudflare Access
+support_level: community
---
-# Integrate with Cloudflare Access
-
-Support level: Community
-
## What is Cloudflare Access
> Cloudflare Access is a secure, cloud-based zero-trust solution for managing and authenticating user access to internal applications and resources.
diff --git a/website/integrations/services/dokuwiki/index.md b/website/integrations/services/dokuwiki/index.md
index 3e629c670b..5e7a61240a 100644
--- a/website/integrations/services/dokuwiki/index.md
+++ b/website/integrations/services/dokuwiki/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with DokuWiki
sidebar_label: DokuWiki
+support_level: community
---
-# Integrate with DokuWiki
-
-Support level: Community
-
## What is DokuWiki
From https://en.wikipedia.org/wiki/DokuWiki
diff --git a/website/integrations/services/engomo/index.mdx b/website/integrations/services/engomo/index.mdx
index f7327c4c11..98c3188771 100644
--- a/website/integrations/services/engomo/index.mdx
+++ b/website/integrations/services/engomo/index.mdx
@@ -1,12 +1,9 @@
---
title: Integrate with engomo
sidebar_label: engomo
+support_level: community
---
-# Integrate with engomo
-
-Support level: Community
-
## What is engomo
> engomo is an low-code app development platform to create enterprise apps for smartphones and tablets based on Android, iOS, or iPadOS.
diff --git a/website/integrations/services/espoCRM/index.md b/website/integrations/services/espoCRM/index.md
index ee92027165..8ba59e693e 100644
--- a/website/integrations/services/espoCRM/index.md
+++ b/website/integrations/services/espoCRM/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with EspoCRM
sidebar_label: EspoCRM
+support_level: community
---
-# Integrate with EspoCRM
-
-Support level: Community
-
## What is EspoCRM?
> EspoCRM is a CRM (customer relationship management) web application that allows users to store, visualize, and analyze their company's business-related relationships such as opportunities, people, businesses, and projects.
diff --git a/website/integrations/services/firezone/index.md b/website/integrations/services/firezone/index.md
index 4e07884a98..7b4d114a35 100644
--- a/website/integrations/services/firezone/index.md
+++ b/website/integrations/services/firezone/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Firezone
sidebar_label: Firezone
+support_level: community
---
-# Integrate with Firezone
-
-Support level: Community
-
## What is Firezone
> Firezone is an open-source remote access platform built on WireGuard®, a modern VPN protocol that's 4-6x faster than OpenVPN.
diff --git a/website/integrations/services/fortigate-admin/index.md b/website/integrations/services/fortigate-admin/index.md
index f4231f2c49..6e2254632e 100644
--- a/website/integrations/services/fortigate-admin/index.md
+++ b/website/integrations/services/fortigate-admin/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with FortiGate Admin Login
sidebar_label: FortiGate Admin Login
+support_level: community
---
-# Integrate with FortiGate Admin Login
-
-Support level: Community
-
## What is FortiGate
> FortiGate is a firewall from FortiNet. It is a NGFW with layer7 inspection and able to become a part of a FortiNet security fabric.
diff --git a/website/integrations/services/fortigate-ssl/index.md b/website/integrations/services/fortigate-ssl/index.md
index 8a10bc7fc5..ac44f12084 100644
--- a/website/integrations/services/fortigate-ssl/index.md
+++ b/website/integrations/services/fortigate-ssl/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with FortiGate SSLVPN
sidebar_label: FortiGate SSLVPN
+support_level: community
---
-# Integrate with FortiGate SSLVPN
-
-Support level: Community
-
## FortiGate SSLVPN
> FortiGate is a firewall from FortiNet. It is a NGFW with layer7 inspection and able to become a part of a FortiNet security fabric.
diff --git a/website/integrations/services/fortimanager/index.md b/website/integrations/services/fortimanager/index.md
index 4a30e3c0f7..d6f5f6d844 100644
--- a/website/integrations/services/fortimanager/index.md
+++ b/website/integrations/services/fortimanager/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with FortiManager
sidebar_label: FortiManager
+support_level: community
---
-# Integrate with FortiManager
-
-Support level: Community
-
## What is FortiManager
> FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
diff --git a/website/integrations/services/frappe/index.md b/website/integrations/services/frappe/index.md
index 8ed977defa..d8a6304b21 100644
--- a/website/integrations/services/frappe/index.md
+++ b/website/integrations/services/frappe/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Frappe
sidebar_label: Frappe
+support_level: community
---
-# Integrate with Frappe
-
-Support level: Community
-
:::note
These instructions apply to all projects in the Frappe Family.
:::
diff --git a/website/integrations/services/freshrss/index.md b/website/integrations/services/freshrss/index.md
index 6cea7111de..e77986dc9c 100644
--- a/website/integrations/services/freshrss/index.md
+++ b/website/integrations/services/freshrss/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with FreshRSS
sidebar_label: FreshRSS
+support_level: community
---
-# Integrate with FreshRSS
-
-Support level: Community
-
## What is FreshRSS
> FreshRSS is a self-hosted RSS feed aggregator.
diff --git a/website/integrations/services/gatus/index.md b/website/integrations/services/gatus/index.md
index c467f29556..5a732a28c8 100644
--- a/website/integrations/services/gatus/index.md
+++ b/website/integrations/services/gatus/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Gatus
sidebar_label: Gatus
+support_level: community
---
-# Integrate with Gatus
-
-Support level: Community
-
## What is Gatus?
> Gatus is a free and open source project for endpoint monitoring. It allows many types of monitoring from pings or http requests to DNS checking and certification expiration. This is all done through yaml files.
diff --git a/website/integrations/services/gitea/index.md b/website/integrations/services/gitea/index.md
index c1a44457b0..de35f69ef6 100644
--- a/website/integrations/services/gitea/index.md
+++ b/website/integrations/services/gitea/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Gitea
sidebar_label: Gitea
+support_level: community
---
-# Integrate with Gitea
-
-Support level: Community
-
## What is Gitea
> Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
diff --git a/website/integrations/services/github-enterprise-cloud/index.md b/website/integrations/services/github-enterprise-cloud/index.md
index cbd4c47416..dd16275bef 100644
--- a/website/integrations/services/github-enterprise-cloud/index.md
+++ b/website/integrations/services/github-enterprise-cloud/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with GitHub Enterprise Cloud
sidebar_label: GitHub Enterprise Cloud
+support_level: community
---
-# Integrate with GitHub Enterprise Cloud
-
-Support level: Community
-
## What is GitHub Enterprise Cloud
> GitHub is a complete developer platform to build, scale, and deliver secure software. Businesses use our suite of products to support the entire software development lifecycle, increasing development velocity and improving code quality.
diff --git a/website/integrations/services/github-enterprise-emu/index.md b/website/integrations/services/github-enterprise-emu/index.md
index be2d5d644f..de2aa4f581 100644
--- a/website/integrations/services/github-enterprise-emu/index.md
+++ b/website/integrations/services/github-enterprise-emu/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with GitHub Enterprise Cloud - Enterprise Managed Users
sidebar_label: GitHub Enterprise Cloud EMU
+support_level: community
---
-# Integrate with GitHub Enterprise Cloud - Enterprise Managed Users
-
-Support level: Community
-
## What is GitHub Enterprise Cloud - Enterprise Managed Users
> With Enterprise Managed Users, you manage the lifecycle and authentication of your users on GitHub from an external identity management system, or IdP:
diff --git a/website/integrations/services/github-enterprise-server/index.md b/website/integrations/services/github-enterprise-server/index.md
index 165ea9ba01..d779ef43cd 100644
--- a/website/integrations/services/github-enterprise-server/index.md
+++ b/website/integrations/services/github-enterprise-server/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with GitHub Enterprise Server
sidebar_label: GitHub Enterprise Server
+support_level: community
---
-# Integrate with GitHub Enterprise Server
-
-Support level: Community
-
## What is GitHub Enterprise Server
> GitHub Enterprise Server is a self-hosted platform for software development within your enterprise. Your team can use GitHub Enterprise Server to build and ship software using Git version control, powerful APIs, productivity and collaboration tools, and integrations. Developers familiar with GitHub.com can onboard and contribute seamlessly using familiar features and workflows.
diff --git a/website/integrations/services/github-organization/index.md b/website/integrations/services/github-organization/index.md
index a0812fc7dd..d9c5e88c4f 100644
--- a/website/integrations/services/github-organization/index.md
+++ b/website/integrations/services/github-organization/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with GitHub Organization
sidebar_label: GitHub Organization
+support_level: community
---
-# Integrate with GitHub Organization
-
-Support level: Community
-
## What is GitHub Organizations
> Organizations are shared accounts where businesses and open-source projects can collaborate across many projects at once, with sophisticated security and administrative features.
diff --git a/website/integrations/services/gitlab/index.md b/website/integrations/services/gitlab/index.md
index 679c640fdf..abeeea650f 100644
--- a/website/integrations/services/gitlab/index.md
+++ b/website/integrations/services/gitlab/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with GitLab
sidebar_label: GitLab
+support_level: authentik
---
-# Integrate with GitLab
-
-Support level: authentik
-
## What is GitLab
> GitLab is a complete DevOps platform with features for version control, CI/CD, issue tracking, and collaboration, facilitating efficient software development and deployment workflows.
diff --git a/website/integrations/services/glitchtip/index.md b/website/integrations/services/glitchtip/index.md
index 4b81652c5e..c80efbf464 100644
--- a/website/integrations/services/glitchtip/index.md
+++ b/website/integrations/services/glitchtip/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Glitchtip
sidebar_label: Glitchtip
+support_level: community
---
-# Integrate with Glitchtip
-
-Support level: Community
-
## What is Glitchtip
> Bugs are inevitable in web development. The important thing is to catch them when they appear. With GlitchTip, you can rest easy knowing that if your web app throws an error or goes down, you will be notified immediately. GlitchTip combines error tracking and uptime monitoring in one open-source package to keep you and your team fully up-to-date on the status of your projects.
diff --git a/website/integrations/services/globalprotect/index.md b/website/integrations/services/globalprotect/index.md
index ad6dbd3c94..c9c4782b1b 100644
--- a/website/integrations/services/globalprotect/index.md
+++ b/website/integrations/services/globalprotect/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with GlobalProtect
sidebar_label: GlobalProtect
+support_level: community
---
-# Integrate with GlobalProtect
-
-Support level: Community
-
## What is GlobalProtect
> GlobalProtect enables you to use Palo Alto Networks next-gen firewalls or Prisma Access to secure your mobile workforce.
diff --git a/website/integrations/services/google/index.md b/website/integrations/services/google/index.md
index 4ddd0445ec..b4edf330b4 100644
--- a/website/integrations/services/google/index.md
+++ b/website/integrations/services/google/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Google Workspace
sidebar_label: Google Workspace
+support_level: authentik
---
-# Integrate with Google Workspace
-
-Support level: authentik
-
## What is Google Workspace
> Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google.
diff --git a/website/integrations/services/grafana/index.mdx b/website/integrations/services/grafana/index.mdx
index 0ff9120a39..ce063ab959 100644
--- a/website/integrations/services/grafana/index.mdx
+++ b/website/integrations/services/grafana/index.mdx
@@ -1,12 +1,9 @@
---
title: Integrate with Grafana
sidebar_label: Grafana
+support_level: authentik
---
-# Integrate with Grafana
-
-Support level: authentik
-
## What is Grafana
> Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system.
diff --git a/website/integrations/services/gravitee/index.md b/website/integrations/services/gravitee/index.md
index 61bba75bc6..b9624e4de8 100644
--- a/website/integrations/services/gravitee/index.md
+++ b/website/integrations/services/gravitee/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Gravitee
sidebar_label: Gravitee
+support_level: community
---
-# Integrate with Gravitee
-
-Support level: Community
-
## What is Gravitee
> Gravitee.io API Management is a flexible, lightweight and blazing-fast Open Source solution that helps your organization control who, when and how users access your APIs.
diff --git a/website/integrations/services/harbor/index.md b/website/integrations/services/harbor/index.md
index 91265436d5..b27c549944 100644
--- a/website/integrations/services/harbor/index.md
+++ b/website/integrations/services/harbor/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Harbor
sidebar_label: Harbor
+support_level: community
---
-# Integrate with Harbor
-
-Support level: Community
-
## What is Harbor
> Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Graduated project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.
diff --git a/website/integrations/services/hashicorp-cloud/index.md b/website/integrations/services/hashicorp-cloud/index.md
index dc36698689..53a1ee4b02 100644
--- a/website/integrations/services/hashicorp-cloud/index.md
+++ b/website/integrations/services/hashicorp-cloud/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with HashiCorp Cloud Platform
sidebar_label: HashiCorp Cloud Platform
+support_level: community
---
-# Integrate with HashiCorp Cloud Platform
-
-Support level: Community
-
## What is HashiCorp Cloud
> HashiCorp Cloud Platform is a fully managed platform for Terraform, Vault, Consul, and more.
diff --git a/website/integrations/services/hashicorp-vault/index.md b/website/integrations/services/hashicorp-vault/index.md
index f90b8a8f75..8f75bae4c0 100644
--- a/website/integrations/services/hashicorp-vault/index.md
+++ b/website/integrations/services/hashicorp-vault/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Hashicorp Vault
sidebar_label: Hashicorp Vault
+support_level: authentik
---
-# Integrate with Hashicorp Vault
-
-Support level: authentik
-
## What is Vault
> Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
diff --git a/website/integrations/services/hedgedoc/index.md b/website/integrations/services/hedgedoc/index.md
index a359362dc0..a77a606275 100644
--- a/website/integrations/services/hedgedoc/index.md
+++ b/website/integrations/services/hedgedoc/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with HedgeDoc
sidebar_label: HedgeDoc
+support_level: community
---
-# Integrate with HedgeDoc
-
-Support level: Community
-
## What is HedgeDoc
> HedgeDoc lets you create real-time collaborative markdown notes.
diff --git a/website/integrations/services/hoarder/index.md b/website/integrations/services/hoarder/index.md
index 7e945a696e..0cf68bb056 100644
--- a/website/integrations/services/hoarder/index.md
+++ b/website/integrations/services/hoarder/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Hoarder
sidebar_label: Hoarder
+support_level: community
---
-# Integrate with Hoarder
-
-Support level: Community
-
## What is Hoarder
> A self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full-text search.
diff --git a/website/integrations/services/home-assistant/index.md b/website/integrations/services/home-assistant/index.md
index 721e38ee00..1d18a52571 100644
--- a/website/integrations/services/home-assistant/index.md
+++ b/website/integrations/services/home-assistant/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Home Assistant
sidebar_label: Home Assistant
+support_level: community
---
-# Integrate with Home Assistant
-
-Support level: Community
-
## What is Home Assistant
> Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
diff --git a/website/integrations/services/immich/index.md b/website/integrations/services/immich/index.md
index e2da5da480..0c2251e96b 100644
--- a/website/integrations/services/immich/index.md
+++ b/website/integrations/services/immich/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Immich
sidebar_label: Immich
+support_level: community
---
-# Integrate with Immich
-
-Support level: Community
-
## What is Immich
> Immich is a self-hosted backup solution for photos and videos on mobile devices.
diff --git a/website/integrations/services/index.mdx b/website/integrations/services/index.mdx
index 9198af60f7..7c060e85fa 100644
--- a/website/integrations/services/index.mdx
+++ b/website/integrations/services/index.mdx
@@ -6,17 +6,21 @@ sidebar_label: Applications
# Applications
import DocCardList from "@theme/DocCardList";
+import SupportBadge from "@site/src/components/SupportBadge";
-Below is a list of all applications that are known to work with authentik. All app integrations will have one of these badges:
+Below is a list of all applications that are known to work with authentik.
-- Support level: Community The
- integration is community maintained.
+:::info{title="Support Levels"}
+All app integrations will have one of these badges:
-- Support level: Vendor The integration
- is supported by the vendor.
+| | |
+| ----------------------------------- | ---------------------------------------------------------- |
+| | The integration is community maintained. |
+| | The integration is supported by the vendor. |
+| | The integration is regularly tested by the authentik team. |
+| | The integration is deprecated and may be removed. |
-- Support level: authentik The
- integration is regularly tested by the authentik team.
+:::
### Add a new application
diff --git a/website/integrations/services/jellyfin/index.md b/website/integrations/services/jellyfin/index.md
index 65f692a102..361b74c5cf 100644
--- a/website/integrations/services/jellyfin/index.md
+++ b/website/integrations/services/jellyfin/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Jellyfin
sidebar_label: Jellyfin
+support_level: community
---
-# Integrate with Jellyfin
-
-Support level: Community
-
## What is Jellyfin
> Jellyfin is a free and open source media management and streaming platform for movies, TV shows, and music.
diff --git a/website/integrations/services/jenkins/index.md b/website/integrations/services/jenkins/index.md
index 4ee5115464..0f41552489 100644
--- a/website/integrations/services/jenkins/index.md
+++ b/website/integrations/services/jenkins/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Jenkins
sidebar_label: Jenkins
+support_level: community
---
-# Integrate with Jenkins
-
-Support level: Community
-
## What is Jenkins
> The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project.
diff --git a/website/integrations/services/kimai/index.md b/website/integrations/services/kimai/index.md
index 1e9f7c70bc..2a1049dbf3 100644
--- a/website/integrations/services/kimai/index.md
+++ b/website/integrations/services/kimai/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Kimai
sidebar_label: Kimai
+support_level: community
---
-# Integrate with Kimai
-
-Support level: Community
-
## What is Kimai
> Kimai is a free & open source timetracker. It tracks work time and prints out a summary of your activities on demand. Yearly, monthly, daily, by customer, by project … Its simplicity is its strength. Due to Kimai's browser based interface it runs cross-platform, even on your mobile device.
diff --git a/website/integrations/services/komga/index.md b/website/integrations/services/komga/index.md
index 533a35be73..5b6364b3d7 100644
--- a/website/integrations/services/komga/index.md
+++ b/website/integrations/services/komga/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Komga
sidebar_label: Komga
+support_level: community
---
-# Integrate with Komga
-
-Support level: Community
-
## What is Komga
> Komga is an open-source comic and manga server that lets users organize, read, and stream their digital comic collections with ease.
diff --git a/website/integrations/services/linkwarden/index.md b/website/integrations/services/linkwarden/index.md
index 28fb702964..c0418b89ee 100644
--- a/website/integrations/services/linkwarden/index.md
+++ b/website/integrations/services/linkwarden/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Linkwarden
sidebar_label: Linkwarden
+support_level: community
---
-# Integrate with Linkwarden
-
-Support level: Community
-
## What is Linkwarden
> Linkwarden is an open-source collaborative bookmark manager used to collect, organize, and preserve webpages.
diff --git a/website/integrations/services/mastodon/index.md b/website/integrations/services/mastodon/index.md
index ae54e6d5a1..9088c2670b 100644
--- a/website/integrations/services/mastodon/index.md
+++ b/website/integrations/services/mastodon/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Mastodon
sidebar_label: Mastodon
+support_level: community
---
-# Integrate with Mastodon
-
-Support level: Community
-
## What is Mastodon
> Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter
diff --git a/website/integrations/services/matrix-synapse/index.md b/website/integrations/services/matrix-synapse/index.md
index a6543afe99..5123d65646 100644
--- a/website/integrations/services/matrix-synapse/index.md
+++ b/website/integrations/services/matrix-synapse/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Matrix Synapse
sidebar_label: Matrix Synapse
+support_level: community
---
-# Integrate with Matrix Synapse
-
-Support level: Community
-
## What is Matrix Synapse
> Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication, and its Apache licensed reference implementations.
diff --git a/website/integrations/services/meshcentral/index.md b/website/integrations/services/meshcentral/index.md
index 9ccf6dc468..9c9460334e 100644
--- a/website/integrations/services/meshcentral/index.md
+++ b/website/integrations/services/meshcentral/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with MeshCentral
sidebar_label: MeshCentral
+support_level: community
---
-# Integrate with MeshCentral
-
-Support level: Community
-
## What is MeshCentral
> MeshCentral is a free, open source, web-based platform for remote device management.
diff --git a/website/integrations/services/minio/index.md b/website/integrations/services/minio/index.md
index 23604f2a9e..7d15beba88 100644
--- a/website/integrations/services/minio/index.md
+++ b/website/integrations/services/minio/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with MinIO
sidebar_label: MinIO
+support_level: authentik
---
-# Integrate with MinIO
-
-Support level: authentik
-
## What is MinIO
> MinIO is an Amazon S3 compatible object storage suite capable of handling structured and unstructured data including log files, artifacts, backups, container images, photos and videos. The current maximum supported object size is 5TB.
diff --git a/website/integrations/services/mobilizon/index.md b/website/integrations/services/mobilizon/index.md
index 223ccad0cf..dccf904698 100644
--- a/website/integrations/services/mobilizon/index.md
+++ b/website/integrations/services/mobilizon/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Mobilizon
sidebar_label: Mobilizon
+support_level: community
---
-# Integrate with Mobilizon
-
-Support level: Community
-
## What is Mobilizon
> Gather, organize and mobilize yourselves with a convivial, ethical, and emancipating tool. https://joinmobilizon.org
diff --git a/website/integrations/services/netbird/index.md b/website/integrations/services/netbird/index.md
index b106773554..e161c59d31 100644
--- a/website/integrations/services/netbird/index.md
+++ b/website/integrations/services/netbird/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with NetBird
sidebar_label: NetBird
+support_level: community
---
-# Integrate with NetBird
-
-Support level: Community
-
## What is NetBird?
> NetBird is an open source, zero trust, networking platform that allows you to create secure private networks for your organization or home.
diff --git a/website/integrations/services/netbox/index.md b/website/integrations/services/netbox/index.md
index b68df302f8..040392be47 100644
--- a/website/integrations/services/netbox/index.md
+++ b/website/integrations/services/netbox/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with NetBox
sidebar_label: NetBox
+support_level: community
---
-# Integrate with NetBox
-
-Support level: Community
-
## What is NetBox
> NetBox is the leading solution for modeling and documenting modern networks.
diff --git a/website/integrations/services/nextcloud/index.md b/website/integrations/services/nextcloud/index.md
index 8503e61a06..c845f5dcd3 100644
--- a/website/integrations/services/nextcloud/index.md
+++ b/website/integrations/services/nextcloud/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Nextcloud
sidebar_label: Nextcloud
+support_level: community
---
-# Integrate with Nextcloud
-
-Support level: Community
-
## What is Nextcloud
> Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is free and open-source, which means that anyone is allowed to install and operate it on their own private server devices.
diff --git a/website/integrations/services/node-red/index.md b/website/integrations/services/node-red/index.md
index 574c337a30..1f6c81fefd 100644
--- a/website/integrations/services/node-red/index.md
+++ b/website/integrations/services/node-red/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Node-RED
sidebar_label: Node-RED
+support_level: community
---
-# Integrate with Node-RED
-
-Support level: Community
-
## What is Node-RED
> Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
diff --git a/website/integrations/services/observium/index.md b/website/integrations/services/observium/index.md
index fcdcd54708..1fdcd73893 100644
--- a/website/integrations/services/observium/index.md
+++ b/website/integrations/services/observium/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Observium
sidebar_label: Observium
+support_level: community
---
-# Integrate with Observium
-
-Support level: Community
-
## What is Observium
> Observium is a network monitoring and management platform that provides real-time insight into network health and performance.
diff --git a/website/integrations/services/onlyoffice/index.md b/website/integrations/services/onlyoffice/index.md
index 1d3ee4db0e..eb89886f66 100644
--- a/website/integrations/services/onlyoffice/index.md
+++ b/website/integrations/services/onlyoffice/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with OnlyOffice
sidebar_label: OnlyOffice
+support_level: community
---
-# Integrate with OnlyOffice
-
-Support level: Community
-
## What is OnlyOffice
> OnlyOffice, stylized as ONLYOFFICE, is a free software office suite developed by Ascensio System SIA, a company headquartered in Riga, Latvia. It features online document editors, platform for document management, corporate communication, mail and project management tools
diff --git a/website/integrations/services/open-webui/index.md b/website/integrations/services/open-webui/index.md
index b2b7e5ca68..1807b16bee 100644
--- a/website/integrations/services/open-webui/index.md
+++ b/website/integrations/services/open-webui/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Open WebUI
sidebar_label: Open WebUI
+support_level: community
---
-# Integrate with Open WebUI
-
-Support level: Community
-
## What is Open WebUI
> Open WebUI is a simple, self-hosted AI platform that works entirely offline. It supports tools like Ollama and OpenAI-style APIs and has a built-in engine for RAG tasks.
diff --git a/website/integrations/services/opnsense/index.md b/website/integrations/services/opnsense/index.md
index 43fe98a9d0..d45016ea80 100644
--- a/website/integrations/services/opnsense/index.md
+++ b/website/integrations/services/opnsense/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with OPNsense
sidebar_label: OPNsense
+support_level: community
---
-# Integrate with OPNsense
-
-Support level: Community
-
## What is OPNsense
> OPNsense is a free and Open-Source FreeBSD-based firewall and routing software. It is licensed under an Open Source Initiative approved license.
diff --git a/website/integrations/services/oracle-cloud/index.md b/website/integrations/services/oracle-cloud/index.md
index 40c4dc862f..d02942c7fc 100644
--- a/website/integrations/services/oracle-cloud/index.md
+++ b/website/integrations/services/oracle-cloud/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Oracle Cloud
sidebar_label: Oracle Cloud
+support_level: community
---
-# Integrate with Oracle Cloud
-
-Support level: Community
-
## What is Oracle Cloud
> Oracle Cloud is the first public cloud built from the ground up to be a better cloud for every application. By rethinking core engineering and systems design for cloud computing, we created innovations that accelerate migrations, deliver better reliability and performance for all applications, and offer the complete services customers need to build innovative cloud applications.
diff --git a/website/integrations/services/organizr/index.md b/website/integrations/services/organizr/index.md
index 6264e77092..a2a5922934 100644
--- a/website/integrations/services/organizr/index.md
+++ b/website/integrations/services/organizr/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with organizr
sidebar_label: organizr
+support_level: community
---
-# Integrate with organizr
-
-Support level: Community
-
## What is organizr
> Organizr allows you to setup "Tabs" that will be loaded all in one webpage.
diff --git a/website/integrations/services/outline/index.md b/website/integrations/services/outline/index.md
index 1efeb2a22b..93c2279305 100644
--- a/website/integrations/services/outline/index.md
+++ b/website/integrations/services/outline/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Outline
sidebar_label: Outline
+support_level: community
---
-# Integrate with Outline
-
-Support level: Community
-
## What is Outline
> Your team's knowledge base.
diff --git a/website/integrations/services/owncloud/index.md b/website/integrations/services/owncloud/index.md
index 93601ee645..6fb30039da 100644
--- a/website/integrations/services/owncloud/index.md
+++ b/website/integrations/services/owncloud/index.md
@@ -1,10 +1,9 @@
---
title: Integrate with ownCloud
sidebar_label: ownCloud
+support_level: community
---
-Support level: Community
-
## What is ownCloud
> ownCloud is a free and open-source software project for content collaboration and sharing and syncing of files.
diff --git a/website/integrations/services/paperless-ng/index.md b/website/integrations/services/paperless-ng/index.md
index 095d6a7bb3..e20ae7edf2 100644
--- a/website/integrations/services/paperless-ng/index.md
+++ b/website/integrations/services/paperless-ng/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Paperless-ng
sidebar_label: Paperless-ng
+support_level: community
---
-# Integrate with Paperless-ng
-
-Support level: Community
-
## What is Paperless-ng
> Paperless-ng is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from the original Paperless that is no longer maintained.
diff --git a/website/integrations/services/paperless-ngx/index.mdx b/website/integrations/services/paperless-ngx/index.mdx
index eb791b912a..efa81858ce 100644
--- a/website/integrations/services/paperless-ngx/index.mdx
+++ b/website/integrations/services/paperless-ngx/index.mdx
@@ -1,12 +1,9 @@
---
title: Integrate with Paperless-ngx
sidebar_label: Paperless-ngx
+support_level: community
---
-# Integrate with Paperless-ngx
-
-Support level: Community
-
## What is Paperless-ngx
> Paperless-ngx is an application that indexes your scanned documents and allows you to easily search for documents and store metadata alongside your documents. It was a fork from paperless-ngx, in turn a fork from the original Paperless, neither of which are maintained any longer.
diff --git a/website/integrations/services/pfsense/index.md b/website/integrations/services/pfsense/index.md
index fad6f22d55..e843ebd0d8 100644
--- a/website/integrations/services/pfsense/index.md
+++ b/website/integrations/services/pfsense/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with pfSense
sidebar_label: pfSense
+support_level: community
---
-# Integrate with pfSense
-
-Support level: Community
-
## What is pfSense
> The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.
diff --git a/website/integrations/services/pgadmin/index.md b/website/integrations/services/pgadmin/index.md
index 2a8cccb72f..631110439c 100644
--- a/website/integrations/services/pgadmin/index.md
+++ b/website/integrations/services/pgadmin/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with pgAdmin
sidebar_label: pgAdmin
+support_level: community
---
-# Integrate with pgAdmin
-
-Support level: Community
-
## What is pgAdmin
> pgAdmin is a management tool for PostgreSQL and derivative relational databases such as EnterpriseDB's EDB Advanced Server. It may be run either as a web or desktop application.
diff --git a/website/integrations/services/phpipam/index.md b/website/integrations/services/phpipam/index.md
index c11411377f..97164c12eb 100644
--- a/website/integrations/services/phpipam/index.md
+++ b/website/integrations/services/phpipam/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with phpIPAM
sidebar_label: phpIPAM
+support_level: community
---
-# Integrate with phpIPAM
-
-Support level: Community
-
## What is phpIPAM
> phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and HTML5/CSS3 features.
diff --git a/website/integrations/services/portainer/index.md b/website/integrations/services/portainer/index.md
index 6e3bce99fa..07e0704087 100644
--- a/website/integrations/services/portainer/index.md
+++ b/website/integrations/services/portainer/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Portainer
sidebar_label: Portainer
+support_level: community
---
-# Integrate with Portainer
-
-Support level: Community
-
## What is Portainer
> Portainer is a powerful, GUI-based Container-as-a-Service solution that helps organizations manage and deploy cloud-native applications easily and securely.
diff --git a/website/integrations/services/powerdns-admin/index.md b/website/integrations/services/powerdns-admin/index.md
index 412460f131..e88ade5e29 100644
--- a/website/integrations/services/powerdns-admin/index.md
+++ b/website/integrations/services/powerdns-admin/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with PowerDNS-Admin
sidebar_label: PowerDNS-Admin
+support_level: community
---
-# Integrate with PowerDNS-Admin
-
-Support level: Community
-
## What is PowerDNS-Admin
> A PowerDNS web interface with advanced features.
diff --git a/website/integrations/services/proftpd/index.md b/website/integrations/services/proftpd/index.md
index 7d57b5a351..b52d1cd432 100644
--- a/website/integrations/services/proftpd/index.md
+++ b/website/integrations/services/proftpd/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with ProFTPD
sidebar_label: ProFTPD
+support_level: community
---
-# Integrate with ProFTPD
-
-Support level: Community
-
## What is ProFTPD
> ProFTPD is a high-performance, extremely configurable, and most of all a secure FTP server, featuring Apache-like configuration and blazing performance.
diff --git a/website/integrations/services/proxmox-ve/index.md b/website/integrations/services/proxmox-ve/index.md
index 4b6fd72c53..d030397458 100644
--- a/website/integrations/services/proxmox-ve/index.md
+++ b/website/integrations/services/proxmox-ve/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Proxmox VE
sidebar_label: Proxmox VE
+support_level: community
---
-# Integrate with Proxmox VE
-
-Support level: Community
-
## What is Proxmox VE
> Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage, and networks with an integrated, easy-to-use web interface or via CLI. Proxmox VE code is licensed under the GNU Affero General Public License, version 3. The project is developed and maintained by Proxmox Server Solutions GmbH.
diff --git a/website/integrations/services/qnap-nas/index.md b/website/integrations/services/qnap-nas/index.md
index 263c16af4a..01299eaf61 100644
--- a/website/integrations/services/qnap-nas/index.md
+++ b/website/integrations/services/qnap-nas/index.md
@@ -3,8 +3,6 @@ title: Integrate with QNAP NAS
sidebar_label: QNAP NAS
---
-# Integrate with QNAP NAS
-
## What is QNAP NAS
> QNAP Systems, Inc. is a Taiwanese corporation that specializes in network-attached storage appliances used for file sharing, virtualization, storage management and surveillance applications.
diff --git a/website/integrations/services/rancher/index.md b/website/integrations/services/rancher/index.md
index 4e70cc8c86..66f864529d 100644
--- a/website/integrations/services/rancher/index.md
+++ b/website/integrations/services/rancher/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Rancher
sidebar_label: Rancher
+support_level: authentik
---
-# Integrate with Rancher
-
-Support level: authentik
-
## What is Rancher
> An enterprise platform for managing Kubernetes Everywhere
diff --git a/website/integrations/services/rocketchat/index.md b/website/integrations/services/rocketchat/index.md
index de40f28fbe..c937fac648 100644
--- a/website/integrations/services/rocketchat/index.md
+++ b/website/integrations/services/rocketchat/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Rocket.chat
sidebar_label: Rocket.chat
+support_level: community
---
-# Integrate with Rocket.chat
-
-Support level: Community
-
## What is Rocket.chat
> Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript for organizations with high standards of data protection. It is licensed under the MIT License with some other licenses mixed in. See [Rocket.chat GitHub](https://github.com/RocketChat/Rocket.Chat/blob/develop/LICENSE) for licensing information.
diff --git a/website/integrations/services/roundcube/index.md b/website/integrations/services/roundcube/index.md
index fc0ef622f8..28f07c5a35 100644
--- a/website/integrations/services/roundcube/index.md
+++ b/website/integrations/services/roundcube/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Roundcube
sidebar_label: Roundcube
+support_level: community
---
-# Integrate with Roundcube
-
-Support level: Community
-
## What is Roundcube
> **Roundcube** is a browser-based multilingual IMAP client with an application-like user interface.
diff --git a/website/integrations/services/rustdesk-pro/index.mdx b/website/integrations/services/rustdesk-pro/index.mdx
index 80c8306a7e..b5b51756d0 100644
--- a/website/integrations/services/rustdesk-pro/index.mdx
+++ b/website/integrations/services/rustdesk-pro/index.mdx
@@ -1,12 +1,9 @@
---
title: Integrate with RustDesk Server Pro
sidebar_label: RustDesk Server Pro
+support_level: community
---
-# Integrate with RustDesk Server Pro
-
-Support level: Community
-
## What is RustDesk Server Pro?
> RustDesk Server Pro is a premium self-hosted solution for managing remote desktop connections securely and efficiently.
diff --git a/website/integrations/services/semaphore/index.mdx b/website/integrations/services/semaphore/index.mdx
index 37ab8df3b2..c6c47b3014 100644
--- a/website/integrations/services/semaphore/index.mdx
+++ b/website/integrations/services/semaphore/index.mdx
@@ -1,12 +1,9 @@
---
title: Integrate with Semaphore UI
sidebar_label: Semaphore
+support_level: community
---
-# Integrate with Semaphore UI
-
-Support level: Community
-
## What is Semaphore UI
> Semaphore UI is a modern web interface for managing popular DevOps tools.
diff --git a/website/integrations/services/semgrep/index.md b/website/integrations/services/semgrep/index.md
index bbbf5cf8a8..d1218915a9 100644
--- a/website/integrations/services/semgrep/index.md
+++ b/website/integrations/services/semgrep/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Semgrep
sidebar_label: Semgrep
+support_level: community
---
-# Integrate with Semgrep
-
-Support level: Community
-
## What is Semgrep
> **Semgrep**: An application security solution that combines SAST, SCA, and secret detection.
diff --git a/website/integrations/services/sentry/index.md b/website/integrations/services/sentry/index.md
index 6ad2373e64..ad2d8e79f1 100644
--- a/website/integrations/services/sentry/index.md
+++ b/website/integrations/services/sentry/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Sentry
sidebar_label: Sentry
+support_level: authentik
---
-# Integrate with Sentry
-
-Support level: authentik
-
## What is Sentry
> Sentry provides self-hosted and cloud-based error monitoring that helps all software teams discover, triage, and prioritize errors in real-time.
diff --git a/website/integrations/services/sharepoint-se/index.md b/website/integrations/services/sharepoint-se/index.md
index eede57e7a2..57965404dd 100644
--- a/website/integrations/services/sharepoint-se/index.md
+++ b/website/integrations/services/sharepoint-se/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with SharePoint Server SE
sidebar_label: SharePoint Server SE
+support_level: community
---
-# Integrate with SharePoint Server SE
-
-Support level: Community
-
## What is Microsoft SharePoint
> SharePoint is a proprietary, web-based collaborative platform that integrates natively with Microsoft 365.
diff --git a/website/integrations/services/skyhigh/index.md b/website/integrations/services/skyhigh/index.md
index 565f96ad48..8d7a202561 100644
--- a/website/integrations/services/skyhigh/index.md
+++ b/website/integrations/services/skyhigh/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Skyhigh Security
sidebar_label: Skyhigh Security
+support_level: community
---
-# Integrate with Skyhigh Security
-
-Support level: Community
-
## What is Skyhigh Security
> Skyhigh Security is a Security Services Edge (SSE), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG), and Private Access (PA / ZTNA) cloud provider.
diff --git a/website/integrations/services/slack/index.md b/website/integrations/services/slack/index.md
index a974dc0bbd..f467162b72 100644
--- a/website/integrations/services/slack/index.md
+++ b/website/integrations/services/slack/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Slack
sidebar_label: Slack
+support_level: authentik
---
-# Integrate with Slack
-
-Support level: authentik
-
## What is Slack
> Slack is a platform for collaboration, with chat and real-time video capabilities. To learn more, visit https://slack.com.
diff --git a/website/integrations/services/snipe-it/index.md b/website/integrations/services/snipe-it/index.md
index 9ae05f300c..5833d6fe11 100644
--- a/website/integrations/services/snipe-it/index.md
+++ b/website/integrations/services/snipe-it/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Snipe-IT
sidebar_label: Snipe-IT
+support_level: community
---
-# Integrate with Snipe-IT
-
-Support level: Community
-
## What is Snipe-IT
> A free open source IT asset/license management system.
diff --git a/website/integrations/services/sonar-qube/index.md b/website/integrations/services/sonar-qube/index.mdx
similarity index 96%
rename from website/integrations/services/sonar-qube/index.md
rename to website/integrations/services/sonar-qube/index.mdx
index b15afd88bc..2ea883982c 100644
--- a/website/integrations/services/sonar-qube/index.md
+++ b/website/integrations/services/sonar-qube/index.mdx
@@ -3,9 +3,7 @@ title: Integrate with SonarQube
sidebar_label: SonarQube
---
-# Integrate with SonarQube
-
-Support level: Community
+Support level: Community
## What is SonarQube
diff --git a/website/integrations/services/sonarr/index.md b/website/integrations/services/sonarr/index.md
index 244d16e19f..88dbf334c7 100644
--- a/website/integrations/services/sonarr/index.md
+++ b/website/integrations/services/sonarr/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Sonarr
sidebar_label: Sonarr
+support_level: community
---
-# Integrate with Sonarr
-
-Support level: Community
-
:::note
These instructions apply to all projects in the \*arr Family. If you use multiple of these projects, you can assign them to the same Outpost.
:::
diff --git a/website/integrations/services/sssd/index.md b/website/integrations/services/sssd/index.md
index 5f21c4ac5b..22b5da55af 100644
--- a/website/integrations/services/sssd/index.md
+++ b/website/integrations/services/sssd/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with sssd
sidebar_label: sssd
+support_level: community
---
-# Integrate with sssd
-
-Support level: Community
-
## What is sssd
> **SSSD** is an acronym for System Security Services Daemon. It is the client component of centralized identity management solutions such as FreeIPA, 389 Directory Server, Microsoft Active Directory, OpenLDAP and other directory servers. The client serves and caches the information stored in the remote directory server and provides identity, authentication and authorization services to the host machine.
diff --git a/website/integrations/services/synology-dsm/index.md b/website/integrations/services/synology-dsm/index.md
index ada486637c..fbaa7ed859 100644
--- a/website/integrations/services/synology-dsm/index.md
+++ b/website/integrations/services/synology-dsm/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Synology DSM (DiskStation Manager)
sidebar_label: Synology DSM (DiskStation Manager)
+support_level: community
---
-# Integrate with Synology DSM (DiskStation Manager)
-
-Support level: Community
-
## What is Synology DSM
> Synology Inc. is a Taiwanese corporation that specializes in network-attached storage (NAS) appliances. Synology's line of NAS is known as the DiskStation for desktop models, FlashStation for all-flash models, and RackStation for rack-mount models. Synology's products are distributed worldwide and localized in several languages.
diff --git a/website/integrations/services/tautulli/index.md b/website/integrations/services/tautulli/index.md
index 15f856c8bc..ea7ea6ba9b 100644
--- a/website/integrations/services/tautulli/index.md
+++ b/website/integrations/services/tautulli/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Tautulli
sidebar_label: Tautulli
+support_level: community
---
-# Integrate with Tautulli
-
-Support level: Community
-
## What is Tautulli
> Tautulli is a 3rd party application that you can run alongside your Plex Media Server to monitor activity and track various statistics. Most importantly, these statistics include what has been watched, who watched it, when and where they watched it, and how it was watched. The only thing missing is "why they watched it", but who am I to question your 42 plays of Frozen. All statistics are presented in a nice and clean interface with many tables and graphs, which makes it easy to brag about your server to everyone else.
diff --git a/website/integrations/services/terrakube/index.md b/website/integrations/services/terrakube/index.md
index 491c362bb1..c823951b69 100644
--- a/website/integrations/services/terrakube/index.md
+++ b/website/integrations/services/terrakube/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Terrakube
sidebar_label: Terrakube
+support_level: community
---
-# Integrate with Terrakube
-
-Support level: Community
-
## What is Terrakube
> Terrakube is an open-source collaboration platform designed for managing remote Infrastructure-as-Code (IaC) operations with Terraform. It serves as a alternative to proprietary tools like Terraform Enterprise.
@@ -36,10 +33,10 @@ This documentation lists only the settings that you need to change from their de
This guide assumes that you have environment variables `$TERRAKUBE_OIDC_CLIENT_ID` and `$TERRAKUBE_OIDC_CLIENT_SECRET` set up. You can hard-code values if your setup doesn’t support environment variables, but be aware that doing so is not recommended for security reasons.
-1. **Locate the Dex Configuration File**
+1. **Locate the Dex Configuration File**
Find the Dex configuration file, typically named `config.yaml` or `config.docker.yaml`. It’s usually located in the `/etc/dex` directory or the corresponding directory for a containerized setup.
-2. **Update the Dex Configuration**
+2. **Update the Dex Configuration**
To define the Terrakube OIDC connector, open the configuration file and add the following block:
```yaml
@@ -55,7 +52,7 @@ This guide assumes that you have environment variables `$TERRAKUBE_OIDC_CLIENT_I
insecureEnableGroups: true
```
-3. **Set Environment Variables**
+3. **Set Environment Variables**
Add the following variables to your `.env` file, replacing them with the appropriate values for your Client ID and Client Secret:
```env
diff --git a/website/integrations/services/thelounge/index.md b/website/integrations/services/thelounge/index.md
index cb9d2269fe..890e6dd32a 100644
--- a/website/integrations/services/thelounge/index.md
+++ b/website/integrations/services/thelounge/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with The Lounge
sidebar_label: The Lounge
+support_level: community
---
-# Integrate with The Lounge
-
-Support level: Community
-
## What is The Lounge
> The Lounge is a modern, web-based IRC (Internet Relay Chat) client that allows users to stay connected to IRC servers even when offline.
diff --git a/website/integrations/services/truecommand/index.md b/website/integrations/services/truecommand/index.md
index 8bb3d23a74..4925b88e41 100644
--- a/website/integrations/services/truecommand/index.md
+++ b/website/integrations/services/truecommand/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with TrueNAS TrueCommand
sidebar_label: TrueNAS TrueCommand
+support_level: community
---
-# Integrate with TrueNAS TrueCommand
-
-Support level: Community
-
## What is TrueNAS TrueCommand
> TrueCommand is a ZFS-aware solution allowing you to set custom alerts on statistics like ARC usage or pool capacity and ensuring storage uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs (RAID groups), saving you valuable time when resolving issues.
diff --git a/website/integrations/services/ubuntu-landscape/index.md b/website/integrations/services/ubuntu-landscape/index.md
index cb5c76d7d1..8fd0fe8039 100644
--- a/website/integrations/services/ubuntu-landscape/index.md
+++ b/website/integrations/services/ubuntu-landscape/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Ubuntu Landscape
sidebar_label: Ubuntu Landscape
+support_level: community
---
-# Integrate with Ubuntu Landscape
-
-Support level: Community
-
## What is Ubuntu Landscape
> Landscape is a systems management tool developed by Canonical. It can be run on-premises or in the cloud depending on the needs of the user. It is primarily designed for use with Ubuntu derivatives such as Desktop, Server, and Core.
diff --git a/website/integrations/services/uptime-kuma/index.md b/website/integrations/services/uptime-kuma/index.md
index 0c16c4cffd..a500725d8f 100644
--- a/website/integrations/services/uptime-kuma/index.md
+++ b/website/integrations/services/uptime-kuma/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Uptime Kuma
sidebar_label: Uptime Kuma
+support_level: community
---
-# Integrate with Uptime Kuma
-
-Support level: Community
-
## What is Uptime Kuma
> Uptime Kuma is an easy-to-use self-hosted monitoring tool.
@@ -53,8 +50,8 @@ Create an application in authentik. Create a Proxy provider with the following p
^/upload/.*
```
- Alternatively, you can get even more specific by analyzing the requests for your status pages and modifying the regex rules above accordingly.
- For example:
+ Alternatively, you can get even more specific by analyzing the requests for your status pages and modifying the regex rules above accordingly.
+ For example:
```
^/status/$
diff --git a/website/integrations/services/veeam-enterprise-manager/index.md b/website/integrations/services/veeam-enterprise-manager/index.md
index 9ff3025290..088391d777 100644
--- a/website/integrations/services/veeam-enterprise-manager/index.md
+++ b/website/integrations/services/veeam-enterprise-manager/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Veeam Enterprise Manager
sidebar_label: Veeam Enterprise Manager
+support_level: community
---
-# Integrate with Veeam Enterprise Manager
-
-Support level: Community
-
## What is Veeam Enterprise Manager
> Veeam Backup Enterprise Manager (Enterprise Manager) is a management and reporting component that allows you to manage multiple Veeam Backup & Replication installations from a single web console. Veeam Backup Enterprise Manager helps you optimize performance in remote office/branch office (ROBO) and large-scale deployments and maintain a view of your entire virtual environment.
diff --git a/website/integrations/services/vikunja/index.md b/website/integrations/services/vikunja/index.md
index 3193d5a125..6db9d7b087 100644
--- a/website/integrations/services/vikunja/index.md
+++ b/website/integrations/services/vikunja/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Vikunja
sidebar_label: Vikunja
+support_level: community
---
-# Integrate with Vikunja
-
-Support level: Community
-
## What is Vikunja
> Vikunja is an Open-Source, self-hosted To-Do list application for all platforms. It is licensed under the GPLv3.
diff --git a/website/integrations/services/vmware-vcenter/index.md b/website/integrations/services/vmware-vcenter/index.md
index eb6f12c3a2..fe317a2d5a 100644
--- a/website/integrations/services/vmware-vcenter/index.md
+++ b/website/integrations/services/vmware-vcenter/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with VMware vCenter
sidebar_label: VMware vCenter
+support_level: community
---
-# Integrate with VMware vCenter
-
-Support level: Community
-
## What is vCenter
> vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. VMware vMotion and svMotion require the use of vCenter and ESXi hosts.
diff --git a/website/integrations/services/weblate/index.md b/website/integrations/services/weblate/index.md
index ca94dbd168..98f32bd368 100644
--- a/website/integrations/services/weblate/index.md
+++ b/website/integrations/services/weblate/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Weblate
sidebar_label: Weblate
+support_level: community
---
-# Integrate with Weblate
-
-Support level: Community
-
## What is Weblate
> Weblate is a copylefted libre software web-based continuous localization system, used by over 2500 libre projects and companies in more than 165 countries.
diff --git a/website/integrations/services/wekan/index.mdx b/website/integrations/services/wekan/index.mdx
index 52967e7f57..af542e83cb 100644
--- a/website/integrations/services/wekan/index.mdx
+++ b/website/integrations/services/wekan/index.mdx
@@ -1,12 +1,9 @@
---
title: Integrate with Wekan
sidebar_label: Wekan
+support_level: community
---
-# Integrate with Wekan
-
-Support level: Community
-
## What is Wekan
> Wekan is an open-source kanban board which allows a card-based task and to-do management.
diff --git a/website/integrations/services/whats-up-docker/index.md b/website/integrations/services/whats-up-docker/index.md
index 8d63b405bf..0a3ffb2100 100644
--- a/website/integrations/services/whats-up-docker/index.md
+++ b/website/integrations/services/whats-up-docker/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with What's Up Docker
sidebar_label: What's Up Docker
+support_level: community
---
-# Integrate with What's Up Docker
-
-Support level: Community
-
## What is What's Up Docker
> What's Up Docker (WUD) is an easy-to-use tool that alerts you whenever a new version of your Docker containers is released.
diff --git a/website/integrations/services/wiki-js/index.md b/website/integrations/services/wiki-js/index.md
index 1e6b873e27..51aea4c0da 100644
--- a/website/integrations/services/wiki-js/index.md
+++ b/website/integrations/services/wiki-js/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Wiki.js
sidebar_label: Wiki.js
+support_level: community
---
-# Integrate with Wiki.js
-
-Support level: Community
-
## What is Wiki.js
> Wiki.js is a wiki engine running on Node.js and written in JavaScript. It is free software released under the Affero GNU General Public License. It is available as a self-hosted solution or using "single-click" install on the DigitalOcean and AWS marketplace.
diff --git a/website/integrations/services/wordpress/index.md b/website/integrations/services/wordpress/index.md
index e7e1466481..848df34bf5 100644
--- a/website/integrations/services/wordpress/index.md
+++ b/website/integrations/services/wordpress/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with WordPress
sidebar_label: WordPress
+support_level: community
---
-# Integrate with WordPress
-
-Support level: Community
-
## What is WordPress
> WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes
diff --git a/website/integrations/services/writefreely/index.md b/website/integrations/services/writefreely/index.md
index 037be674e5..be97d57669 100644
--- a/website/integrations/services/writefreely/index.md
+++ b/website/integrations/services/writefreely/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Writefreely
sidebar_label: Writefreely
+support_level: community
---
-# Integrate with Writefreely
-
-Support level: Community
-
## What is Writefreely
> An open source platform for building a writing space on the web.
diff --git a/website/integrations/services/xen-orchestra/index.md b/website/integrations/services/xen-orchestra/index.md
index 00dc4293f1..d0ca585236 100644
--- a/website/integrations/services/xen-orchestra/index.md
+++ b/website/integrations/services/xen-orchestra/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Xen Orchestra
sidebar_label: Xen Orchestra
+support_level: community
---
-# Integrate with Xen Orchestra
-
-Support level: Community
-
## What is Xen Orchestra
> Xen Orchestra provides a user friendly web interface for every Xen based hypervisor (XenServer, xcp-ng, etc.).
diff --git a/website/integrations/services/zabbix/index.md b/website/integrations/services/zabbix/index.md
index 4647bd1ca0..fe4d552318 100644
--- a/website/integrations/services/zabbix/index.md
+++ b/website/integrations/services/zabbix/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Zabbix
sidebar_label: Zabbix
+support_level: community
---
-# Integrate with Zabbix
-
-Support level: Community
-
## What is Zabbix
> Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
diff --git a/website/integrations/services/zammad/index.md b/website/integrations/services/zammad/index.md
index 0dab5f41a2..3639d5a369 100644
--- a/website/integrations/services/zammad/index.md
+++ b/website/integrations/services/zammad/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Zammad
sidebar_label: Zammad
+support_level: community
---
-# Integrate with Zammad
-
-Support level: Community
-
## What is Zammad
> Zammad is a web-based, open source user support/ticketing solution.
diff --git a/website/integrations/services/zulip/index.md b/website/integrations/services/zulip/index.md
index a03563e2fb..8c0e205997 100644
--- a/website/integrations/services/zulip/index.md
+++ b/website/integrations/services/zulip/index.md
@@ -1,12 +1,9 @@
---
title: Integrate with Zulip
sidebar_label: Zulip
+support_level: community
---
-# Integrate with Zulip
-
-Support level: Community
-
## What is Zulip
> **Zulip**: Chat for distributed teams. Zulip combines the immediacy of real-time chat with an email threading model.
diff --git a/website/integrations/template/service.md b/website/integrations/template/service.md
index 8b607ea3ba..92b9b51699 100644
--- a/website/integrations/template/service.md
+++ b/website/integrations/template/service.md
@@ -1,12 +1,9 @@
---
title: Integrate with Service Name
sidebar_label: Service Name
+support_level: community
---
-# Integrate with Service Name
-
-Support level: Community
-
## What is Service-Name
> Insert a quick overview of what Service Name is and what it does. Simply describe the product and what it is, how it is used, and do not include marketing or sales-oriented content.
diff --git a/website/package-lock.json b/website/package-lock.json
index 8145be9f05..868835bca8 100644
--- a/website/package-lock.json
+++ b/website/package-lock.json
@@ -28,13 +28,16 @@
"react-feather": "^2.0.10",
"react-toggle": "^4.1.3",
"react-tooltip": "^5.28.0",
- "remark-github": "^12.0.0"
+ "remark-directive": "^3.0.1",
+ "remark-github": "^12.0.0",
+ "semver": "^7.7.0"
},
"devDependencies": {
"@docusaurus/module-type-aliases": "^3.3.2",
"@docusaurus/tsconfig": "^3.7.0",
"@docusaurus/types": "^3.3.2",
"@types/react": "^18.3.13",
+ "@types/semver": "^7.5.8",
"cross-env": "^7.0.3",
"prettier": "3.5.1",
"typescript": "~5.7.3",
@@ -5404,6 +5407,13 @@
"@types/node": "*"
}
},
+ "node_modules/@types/semver": {
+ "version": "7.5.8",
+ "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz",
+ "integrity": "sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==",
+ "dev": true,
+ "license": "MIT"
+ },
"node_modules/@types/send": {
"version": "0.17.4",
"resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz",
@@ -16440,6 +16450,18 @@
"integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
"license": "MIT"
},
+ "node_modules/openapi-to-postmanv2/node_modules/lru-cache": {
+ "version": "6.0.0",
+ "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+ "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+ "license": "ISC",
+ "dependencies": {
+ "yallist": "^4.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/openapi-to-postmanv2/node_modules/mime-db": {
"version": "1.52.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
@@ -16483,6 +16505,21 @@
"node": ">=10"
}
},
+ "node_modules/openapi-to-postmanv2/node_modules/semver": {
+ "version": "7.5.4",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
+ "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
+ "license": "ISC",
+ "dependencies": {
+ "lru-cache": "^6.0.0"
+ },
+ "bin": {
+ "semver": "bin/semver.js"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/openapi-to-postmanv2/node_modules/uuid": {
"version": "8.3.2",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
@@ -16492,6 +16529,12 @@
"uuid": "dist/bin/uuid"
}
},
+ "node_modules/openapi-to-postmanv2/node_modules/yallist": {
+ "version": "4.0.0",
+ "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+ "license": "ISC"
+ },
"node_modules/opener": {
"version": "1.5.2",
"resolved": "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz",
@@ -18461,6 +18504,18 @@
"node": ">=10"
}
},
+ "node_modules/postman-collection/node_modules/lru-cache": {
+ "version": "6.0.0",
+ "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+ "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+ "license": "ISC",
+ "dependencies": {
+ "yallist": "^4.0.0"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/postman-collection/node_modules/mime-db": {
"version": "1.52.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
@@ -18482,6 +18537,21 @@
"node": ">= 0.6"
}
},
+ "node_modules/postman-collection/node_modules/semver": {
+ "version": "7.5.4",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
+ "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
+ "license": "ISC",
+ "dependencies": {
+ "lru-cache": "^6.0.0"
+ },
+ "bin": {
+ "semver": "bin/semver.js"
+ },
+ "engines": {
+ "node": ">=10"
+ }
+ },
"node_modules/postman-collection/node_modules/uuid": {
"version": "8.3.2",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
@@ -18491,6 +18561,12 @@
"uuid": "dist/bin/uuid"
}
},
+ "node_modules/postman-collection/node_modules/yallist": {
+ "version": "4.0.0",
+ "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+ "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+ "license": "ISC"
+ },
"node_modules/postman-url-encoder": {
"version": "3.0.5",
"resolved": "https://registry.npmjs.org/postman-url-encoder/-/postman-url-encoder-3.0.5.tgz",
@@ -20113,9 +20189,9 @@
}
},
"node_modules/remark-directive": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/remark-directive/-/remark-directive-3.0.0.tgz",
- "integrity": "sha512-l1UyWJ6Eg1VPU7Hm/9tt0zKtReJQNOA4+iDMAxTyZNWnJnFlbS/7zhiel/rogTLQ2vMYwDzSJa4BiVNqGlqIMA==",
+ "version": "3.0.1",
+ "resolved": "https://registry.npmjs.org/remark-directive/-/remark-directive-3.0.1.tgz",
+ "integrity": "sha512-gwglrEQEZcZYgVyG1tQuA+h58EZfq5CSULw7J90AFuCTyib1thgHPoqQ+h9iFvU6R+vnZ5oNFQR5QKgGpk741A==",
"license": "MIT",
"dependencies": {
"@types/mdast": "^4.0.0",
@@ -20747,13 +20823,10 @@
}
},
"node_modules/semver": {
- "version": "7.5.4",
- "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
- "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
+ "version": "7.7.0",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.0.tgz",
+ "integrity": "sha512-DrfFnPzblFmNrIZzg5RzHegbiRWg7KMR7btwi2yjHwx06zsUbO5g613sVwEV7FTwmzJu+Io0lJe2GJ3LxqpvBQ==",
"license": "ISC",
- "dependencies": {
- "lru-cache": "^6.0.0"
- },
"bin": {
"semver": "bin/semver.js"
},
@@ -20776,24 +20849,6 @@
"url": "https://github.com/sponsors/sindresorhus"
}
},
- "node_modules/semver/node_modules/lru-cache": {
- "version": "6.0.0",
- "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
- "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
- "license": "ISC",
- "dependencies": {
- "yallist": "^4.0.0"
- },
- "engines": {
- "node": ">=10"
- }
- },
- "node_modules/semver/node_modules/yallist": {
- "version": "4.0.0",
- "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
- "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
- "license": "ISC"
- },
"node_modules/send": {
"version": "0.19.0",
"resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz",
diff --git a/website/package.json b/website/package.json
index 238ce234e0..a5bf53c0f4 100644
--- a/website/package.json
+++ b/website/package.json
@@ -17,6 +17,7 @@
"watch": "docusaurus gen-api-docs all && docusaurus start"
},
"dependencies": {
+ "semver": "^7.7.0",
"@docusaurus/core": "^3.7.0",
"@docusaurus/plugin-client-redirects": "^3.7.0",
"@docusaurus/plugin-content-docs": "^3.7.0",
@@ -36,6 +37,7 @@
"react-feather": "^2.0.10",
"react-toggle": "^4.1.3",
"react-tooltip": "^5.28.0",
+ "remark-directive": "^3.0.1",
"remark-github": "^12.0.0"
},
"browserslist": {
@@ -51,6 +53,7 @@
]
},
"devDependencies": {
+ "@types/semver": "^7.5.8",
"@docusaurus/module-type-aliases": "^3.3.2",
"@docusaurus/tsconfig": "^3.7.0",
"@docusaurus/types": "^3.3.2",
diff --git a/website/remark/preview-directive.ts b/website/remark/preview-directive.ts
new file mode 100644
index 0000000000..33bce94f08
--- /dev/null
+++ b/website/remark/preview-directive.ts
@@ -0,0 +1,43 @@
+import "mdast-util-to-hast";
+import "mdast-util-directive";
+
+import { h } from "hastscript";
+import { Root } from "mdast";
+import { visit, SKIP } from "unist-util-visit";
+
+/**
+ * MDAST plugin to transform `ak-preview` directives into preview badges.
+ */
+function remarkPreviewDirective() {
+ return function (tree: Root) {
+ visit(tree, "textDirective", function (node) {
+ if (node.name !== "ak-preview") return SKIP;
+
+ const data = node.data || (node.data = {});
+
+ const hast = h("span", {
+ ...node.attributes,
+ className: "badge badge--preview",
+ title: `This feature is in preview and may change in the future.`,
+ "aria-description": "Preview badge",
+ role: "img",
+ });
+
+ data.hName = hast.tagName;
+ data.hProperties = hast.properties;
+
+ data.hChildren = [
+ {
+ type: "text",
+ value: "Preview",
+ },
+ ];
+
+ node.children = [];
+
+ return SKIP;
+ });
+ };
+}
+
+export default remarkPreviewDirective;
diff --git a/website/remark/support-directive.ts b/website/remark/support-directive.ts
new file mode 100644
index 0000000000..fa2bab5406
--- /dev/null
+++ b/website/remark/support-directive.ts
@@ -0,0 +1,78 @@
+import "mdast-util-to-hast";
+import "mdast-util-directive";
+
+import { h } from "hastscript";
+import { Root } from "mdast";
+import { visit, SKIP } from "unist-util-visit";
+import { coerce } from "semver";
+
+/**
+ * Support levels for authentik.
+ */
+export type SupportLevel = "authentik" | "community" | "vendor" | "deprecated";
+
+/**
+ * Mapping of support levels to badge classes.
+ */
+export const SupportLevelToLabel = {
+ authentik: "authentik",
+ community: "Community",
+ vendor: "Vendor",
+ deprecated: "Deprecated",
+} as const satisfies Record;
+
+/**
+ * Type-predicate to determine if a string is a known support level.
+ */
+export function isSupportLevel(input: string): input is SupportLevel {
+ return Object.hasOwn(SupportLevelToLabel, input);
+}
+
+/**
+ * MDAST plugin to transform `ak-support` directives into preview badges.
+ */
+function remarkSupportDirective() {
+ return function (tree: Root) {
+ visit(tree, "textDirective", function (node) {
+ if (node.name !== "ak-support") return SKIP;
+
+ const firstChild = node.children[0];
+
+ if (firstChild?.type !== "text") return SKIP;
+
+ const level = firstChild.value.trim();
+
+ if (!isSupportLevel(level)) {
+ throw new TypeError(`Invalid support level: ${level}`);
+ }
+
+ const label = SupportLevelToLabel[level];
+
+ const data = node.data || (node.data = {});
+
+ const hast = h("span", {
+ ...node.attributes,
+ className: `badge badge--support-${level}`,
+ title: `This feature is supported at the ${label} level.`,
+ "aria-description": "Support level badge",
+ role: "img",
+ });
+
+ data.hName = hast.tagName;
+ data.hProperties = hast.properties;
+
+ data.hChildren = [
+ {
+ type: "text",
+ value: `Support level: ${label}`,
+ },
+ ];
+
+ node.children = [];
+
+ return SKIP;
+ });
+ };
+}
+
+export default remarkSupportDirective;
diff --git a/website/remark/version-directive.ts b/website/remark/version-directive.ts
new file mode 100644
index 0000000000..1a4ef801ff
--- /dev/null
+++ b/website/remark/version-directive.ts
@@ -0,0 +1,75 @@
+import "mdast-util-to-hast";
+import "mdast-util-directive";
+
+import { h } from "hastscript";
+import { Root } from "mdast";
+import { visit, SKIP } from "unist-util-visit";
+import { coerce } from "semver";
+
+/**
+ * MDAST plugin to transform `ak-version` directives into version badges.
+ *
+ * Given a heading like:
+ *
+ * ```md
+ * # Feature Foobar :ak-version[v1.2.3]
+ * ```
+ *
+ * Rewrites the heading to:
+ *
+ * ```md
+ * # Feature Foobar authentik: v1.2.3+
+ * ```
+ */
+function remarkVersionDirective() {
+ return function (tree: Root) {
+ visit(tree, "textDirective", function (node) {
+ if (node.name !== "ak-version") return SKIP;
+
+ const firstChild = node.children[0];
+
+ if (firstChild?.type !== "text") return SKIP;
+
+ const semver = firstChild.value.trim();
+ const parsed = coerce(semver);
+
+ if (!parsed) {
+ throw new Error(`Invalid semver version: ${semver}`);
+ }
+
+ const yearCutoff = new Date().getFullYear() - 2;
+
+ if (parsed.major <= yearCutoff) {
+ throw new Error(
+ `Semver version <= ${yearCutoff} is not supported: ${semver}`,
+ );
+ }
+
+ const data = node.data || (node.data = {});
+
+ const hast = h("span", {
+ ...node.attributes,
+ className: "badge badge--version",
+ title: `Available in authentik ${parsed.format()} and later`,
+ "aria-description": "Version badge",
+ role: "img",
+ });
+
+ data.hName = hast.tagName;
+ data.hProperties = hast.properties;
+
+ data.hChildren = [
+ {
+ type: "text",
+ value: `authentik:\u00A0${parsed.format()}+`,
+ },
+ ];
+
+ node.children = [];
+
+ return SKIP;
+ });
+ };
+}
+
+export default remarkVersionDirective;
diff --git a/website/src/components/PreviewBadge.tsx b/website/src/components/PreviewBadge.tsx
new file mode 100644
index 0000000000..e0b15d8614
--- /dev/null
+++ b/website/src/components/PreviewBadge.tsx
@@ -0,0 +1,19 @@
+import React from "react";
+
+/**
+ * Badge indicating the preview status of a feature or integration.
+ */
+export const PreviewBadge: React.FC = () => {
+ return (
+
+ Preview
+
+ );
+};
+
+export default PreviewBadge;
diff --git a/website/src/components/SupportBadge.tsx b/website/src/components/SupportBadge.tsx
new file mode 100644
index 0000000000..15d6a8985c
--- /dev/null
+++ b/website/src/components/SupportBadge.tsx
@@ -0,0 +1,34 @@
+import React from "react";
+import {
+ isSupportLevel,
+ SupportLevelToLabel,
+} from "@site/remark/support-directive";
+
+export interface SupportBadgeProps {
+ level: string;
+}
+
+/**
+ * Badge indicating the support level of a feature or integration.
+ */
+export const SupportBadge: React.FC = ({ level }) => {
+ if (!isSupportLevel(level)) {
+ throw new TypeError(`Invalid support level: ${level}`);
+ }
+
+ const label = SupportLevelToLabel[level];
+ const className = `badge badge--support-${level}`;
+
+ return (
+
+ Support level: {label}
+
+ );
+};
+
+export default SupportBadge;
diff --git a/website/src/components/VersionBadge.tsx b/website/src/components/VersionBadge.tsx
new file mode 100644
index 0000000000..5f1b0cab26
--- /dev/null
+++ b/website/src/components/VersionBadge.tsx
@@ -0,0 +1,38 @@
+import React from "react";
+import { coerce } from "semver";
+
+export interface AuthentikVersionProps {
+ semver: string;
+}
+
+/**
+ * Badge indicating semantic versioning of authentik required for a feature or integration.
+ */
+export const VersionBadge: React.FC = ({ semver }) => {
+ const parsed = coerce(semver);
+
+ if (!parsed) {
+ throw new Error(`Invalid semver version: ${semver}`);
+ }
+
+ const yearCutoff = new Date().getFullYear() - 2;
+
+ if (parsed.major <= yearCutoff) {
+ throw new Error(
+ `Semver version <= ${yearCutoff} is not supported: ${semver}`,
+ );
+ }
+
+ return (
+
+ authentik: {parsed.format()}+
+
+ );
+};
+
+export default VersionBadge;
diff --git a/website/src/css/custom.css b/website/src/css/custom.css
index 99fbb952b0..2de5b9f738 100644
--- a/website/src/css/custom.css
+++ b/website/src/css/custom.css
@@ -1,4 +1,4 @@
-/*#region root*/
+/* #region root */
:root {
--ifm-color-primary: #fd4b2d;
@@ -13,9 +13,9 @@
--ifm-navbar-link-hover-color: var(--ifm-color-gray-1000);
}
-/*#endregion*/
+/* #endregion */
-/*#region Buttons*/
+/* #region Buttons */
.button.button--outline {
color: var(--white) !important;
@@ -27,9 +27,9 @@
--ifm-button-background-color: var(--white);
}
-/*#endregion*/
+/* #endregion */
-/*#region Navbar*/
+/* #region Navbar */
.navbar {
background-color: var(--ifm-color-primary);
@@ -47,9 +47,9 @@
stroke: var(--white);
}
-/*#endregion*/
+/* #endregion */
-/*#region Header*/
+/* #region Header */
.header-github-link:hover {
opacity: 0.6;
@@ -77,7 +77,7 @@
no-repeat;
}
-/*#endregion*/
+/* #endregion */
@media (min-width: 1600px) {
#__docusaurus_skipToContent_fallback > div {
@@ -99,11 +99,12 @@
src: url("https://fonts.googleapis.com/css2?family=Roboto:wght@300&display=swap");
}
+/* #region Containers */
+
body {
font-family: "Roboto", sans-serif;
}
-/* Container styles */
.content {
width: 100vw;
height: 100vh;
@@ -112,6 +113,10 @@ body {
justify-content: center;
}
+/* #endregion */
+
+/* #region Sidebar */
+
/* styling for version selector in sidebar */
.theme-doc-sidebar-menu .dropdown {
display: block;
@@ -128,31 +133,75 @@ body {
margin-right: -0.5rem;
}
+/* #endregion */
+
+/* #region Navbar */
+
/* Nav header background color on mobile */
.navbar-sidebar__brand,
.navbar-sidebar__items {
background-color: var(--ifm-color-primary);
}
-.badge--version {
- --ifm-badge-background-color: var(--ifm-color-primary-contrast-background);
- color: var(--ifm-color-primary-contrast-foreground);
- --ifm-badge-border-color: var(--ifm-badge-background-color);
+/* #endregion */
+
+/* #region Badges */
+
+.anchor > .badge {
font-size: 0.75rem;
vertical-align: middle;
}
+.anchor > .badge {
+ margin-left: 0.5rem;
+}
+
+.badge--support-vendor {
+ --ifm-badge-background-color: var(--ifm-color-warning-contrast-background);
+ --ifm-badge-color: var(--ifm-color-warning-contrast-foreground);
+ --ifm-badge-border-color: var(--ifm-color-warning-contrast-foreground);
+}
+
+.badge--support-community {
+ --ifm-badge-background-color: var(--ifm-color-secondary);
+ --ifm-badge-border-color: var(--ifm-color-secondary-contrast-background);
+ --ifm-badge-color: var(--ifm-color-secondary-contrast-background);
+}
+
+.badge--support-deprecated {
+ --ifm-badge-background-color: var(--ifm-color-danger);
+ --ifm-badge-border-color: var(--ifm-color-danger-contrast-background);
+ --ifm-badge-color: var(--ifm-color-danger-contrast-foreground);
+}
+
+.badge--support-authentik {
+ --ifm-badge-background-color: var(--ifm-color-primary);
+ --ifm-badge-border-color: var(--ifm-color-primary-contrast-foreground);
+ --ifm-badge-color: var(--ifm-color-primary-contrast-foreground);
+}
+
+.badge--version {
+ --ifm-badge-background-color: var(--ifm-color-primary-contrast-background);
+ --ifm-badge-border-color: var(--ifm-color-primary-contrast-foreground);
+ --ifm-badge-color: var(--ifm-color-primary-contrast-foreground);
+ cursor: help;
+}
+
.badge--preview {
--ifm-badge-background-color: rgb(115, 188, 247);
- color: var(--ifm-color-primary-contrast-foreground);
--ifm-badge-border-color: var(--ifm-badge-background-color);
- font-size: 0.75rem;
- vertical-align: middle;
+ --ifm-badge-color: var(--ifm-color-primary-contrast-foreground);
}
-/*#endregion*/
+.badge-group {
+ display: flex;
+ flex-wrap: wrap;
+ gap: 1rem;
+}
-/*#region Mermaid*/
+/* #endregion */
+
+/* #region Mermaid */
.docusaurus-mermaid-container {
/* Improve contrast. */
@@ -163,7 +212,7 @@ body {
paint-order: stroke;
}
}
-/*#endregion*/
+/* #endregion */
.markdown {
/* Remove empty table headers. */
diff --git a/website/src/hooks/title.ts b/website/src/hooks/title.ts
new file mode 100644
index 0000000000..b2b76ea76c
--- /dev/null
+++ b/website/src/hooks/title.ts
@@ -0,0 +1,23 @@
+import { useDoc } from "@docusaurus/plugin-content-docs/client";
+
+/**
+ * Title can be declared inside md content or declared through
+ * front matter and added manually. To make both cases consistent,
+ * the added title is added under the same div.markdown block
+ * See https://github.com/facebook/docusaurus/pull/4882#issuecomment-853021120
+ *
+ * We render a "synthetic title" if:
+ * - user doesn't ask to hide it with front matter
+ * - the markdown content does not already contain a top-level h1 heading
+ *
+ * @vendor docusaurus
+ */
+export function useSyntheticTitle(): string | null {
+ const { metadata, frontMatter, contentTitle } = useDoc();
+ const shouldRender =
+ !frontMatter.hide_title && typeof contentTitle === "undefined";
+ if (!shouldRender) {
+ return null;
+ }
+ return metadata.title;
+}
diff --git a/website/src/theme/DocItem/Content/index.tsx b/website/src/theme/DocItem/Content/index.tsx
new file mode 100644
index 0000000000..4802c20d4c
--- /dev/null
+++ b/website/src/theme/DocItem/Content/index.tsx
@@ -0,0 +1,88 @@
+/**
+ * @file Swizzled DocItemContent component.
+ *
+ * This component is a swizzled version of the original DocItemContent component.
+ *
+ * Similar to Docusaurus' default `DocItemContent`, this component renders
+ * the content of a documentation page. However, it also adds support for
+ * support badges, and Authentik version badges.
+ */
+
+import React from "react";
+import clsx from "clsx";
+import { ThemeClassNames } from "@docusaurus/theme-common";
+import {
+ DocContextValue,
+ useDoc,
+} from "@docusaurus/plugin-content-docs/client";
+import Heading from "@theme/Heading";
+import MDXContent from "@theme/MDXContent";
+import type { Props } from "@theme/DocItem/Content";
+import { DocFrontMatter } from "@docusaurus/plugin-content-docs";
+import { useSyntheticTitle } from "@site/src/hooks/title";
+import { SupportBadge } from "@site/src/components/SupportBadge";
+import { VersionBadge } from "@site/src/components/VersionBadge";
+
+interface SwizzledDocFrontMatter extends DocFrontMatter {
+ support_level?: string;
+ authentik_version?: string;
+ authentik_preview: boolean;
+ authentik_enterprise: boolean;
+}
+
+interface SwizzledDocContextValue extends DocContextValue {
+ frontMatter: SwizzledDocFrontMatter;
+}
+
+const DocItemContent: React.FC = ({ children }) => {
+ const syntheticTitle = useSyntheticTitle();
+ const { frontMatter } = useDoc() as SwizzledDocContextValue;
+ const {
+ support_level,
+ authentik_version,
+ authentik_enterprise,
+ authentik_preview,
+ } = frontMatter;
+
+ const badges: JSX.Element[] = [];
+
+ if (authentik_version) {
+ badges.push();
+ }
+
+ if (support_level) {
+ badges.push();
+ }
+
+ if (authentik_preview) {
+ badges.push(Preview);
+ }
+
+ if (authentik_enterprise) {
+ badges.push(Enterprise);
+ }
+
+ return (
+
+ );
+};
+
+export default DocItemContent;
diff --git a/website/tsconfig.json b/website/tsconfig.json
new file mode 100644
index 0000000000..fd4481fe32
--- /dev/null
+++ b/website/tsconfig.json
@@ -0,0 +1,8 @@
+{
+ // This file is not used in compilation. It is here just for a nice editor experience.
+ "extends": "@docusaurus/tsconfig",
+ "compilerOptions": {
+ "baseUrl": "."
+ },
+ "exclude": [".docusaurus", "build", "node_modules"]
+}